[ISN] U-Va. Officials Announce Database Breach

From: InfoSec News (alerts@private)
Date: Mon Jun 11 2007 - 00:00:51 PDT


http://www.washingtonpost.com/wp-dyn/content/article/2007/06/08/AR2007060801704.html

By Susan Kinzie
Washington Post Staff Writer
June 9, 2007

Hackers have been breaking into a University of Virginia database that 
included Social Security numbers and other personal information about 
faculty members over the past two years.

School officials announced the security breaches yesterday, about a week 
after they discovered that, on 54 days between April 2005 and April 
2007, someone broke into the records for more than 5,700 faculty 
members. Officials warned professors to carefully watch their financial 
accounts and have offered a year of free credit monitoring to everyone 
affected.

"I'm concerned about it," said professor Brandt R. Allen, whose data 
were exposed. He said he had already been a little worried about online 
security: "We probably have a lot more breaking and entering than people 
realize."

Many schools have had similar problems, and many have changed the types 
of personal information they store. U-Va. was in the process of moving 
from Social Security numbers to university-issued identification 
numbers, spokeswoman Carol Wood said. The theft brings greater urgency 
to that effort.

Hackers got into an academic Web site that mistakenly included the 
database of professors' information, officials said.

The database included names, Social Security numbers and dates of birth, 
but not financial information such as credit card numbers or bank 
accounts. No students or non-faculty staff members were affected.

When officials sent out e-mail alerts, the names got mixed up, and the 
school had to send follow-up messages and post a clarifying note online: 
"If an e-mail came to your address, your information has been exposed -- 
even if the name in the salutation is not yours."

That did not inspire confidence, Allen said.

University police have launched a criminal investigation with assistance 
from the FBI and campus technology experts. The data have been removed 
and security has been shored up, according to school officials. But they 
are concerned that more than 3,500 of those affected no longer work at 
U-Va. and could be difficult to contact, so they hope former faculty 
members will check the school's Web site.

© 2007 The Washington Post Company



_____________________________________________________
Attend Black Hat USA, July 28-August 2 in Las Vegas, 
the world's premier technical event for ICT security 
experts. Featuring 30 hands-on training courses and 
90 Briefings presentations with lots of new content 
and new tools. Network with 4,000 delegates from 
70 nations.   Visit product displays by 30 top
sponsors in a relaxed setting. Rates increase on 
June 1 so register today. http://www.blackhat.com



This archive was generated by hypermail 2.1.3 : Mon Jun 11 2007 - 00:08:31 PDT