http://www.washingtonpost.com/wp-dyn/content/article/2007/06/08/AR2007060801704.html By Susan Kinzie Washington Post Staff Writer June 9, 2007 Hackers have been breaking into a University of Virginia database that included Social Security numbers and other personal information about faculty members over the past two years. School officials announced the security breaches yesterday, about a week after they discovered that, on 54 days between April 2005 and April 2007, someone broke into the records for more than 5,700 faculty members. Officials warned professors to carefully watch their financial accounts and have offered a year of free credit monitoring to everyone affected. "I'm concerned about it," said professor Brandt R. Allen, whose data were exposed. He said he had already been a little worried about online security: "We probably have a lot more breaking and entering than people realize." Many schools have had similar problems, and many have changed the types of personal information they store. U-Va. was in the process of moving from Social Security numbers to university-issued identification numbers, spokeswoman Carol Wood said. The theft brings greater urgency to that effort. Hackers got into an academic Web site that mistakenly included the database of professors' information, officials said. The database included names, Social Security numbers and dates of birth, but not financial information such as credit card numbers or bank accounts. No students or non-faculty staff members were affected. When officials sent out e-mail alerts, the names got mixed up, and the school had to send follow-up messages and post a clarifying note online: "If an e-mail came to your address, your information has been exposed -- even if the name in the salutation is not yours." That did not inspire confidence, Allen said. University police have launched a criminal investigation with assistance from the FBI and campus technology experts. The data have been removed and security has been shored up, according to school officials. But they are concerned that more than 3,500 of those affected no longer work at U-Va. and could be difficult to contact, so they hope former faculty members will check the school's Web site. © 2007 The Washington Post Company _____________________________________________________ Attend Black Hat USA, July 28-August 2 in Las Vegas, the world's premier technical event for ICT security experts. Featuring 30 hands-on training courses and 90 Briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 70 nations. Visit product displays by 30 top sponsors in a relaxed setting. Rates increase on June 1 so register today. http://www.blackhat.com
This archive was generated by hypermail 2.1.3 : Mon Jun 11 2007 - 00:08:31 PDT