[ISN] UW responds to security reports

From: InfoSec News (alerts@private)
Date: Thu Jan 31 2008 - 01:02:51 PST


http://badgerherald.com/news/2008/01/30/uw_responds_to_secur.php

By Ken Harris
The Badger Herald
January 30, 2008

University of Wisconsin responded to media reports Tuesday that twice as 
many people may have been affected by a UW security breach than 
previously suspected, stating there was no evidence of a further breach.

Brian Rust, director of communications for DoIT, said there was nothing 
to indicate anyone else has had his or her information exposed on the 
Internet.

UW originally reported 205 people had their Social Security numbers 
posted on an Internet database after making purchases from the 
university computer store. The database was available to the general 
public for about a year. The Associated Press reported as many as 529 
people may have had their information exposed.

Rust said he told the AP there may have been more; there may not have 
been more when asked if anyone else had been exposed.

We dont have any proof from any network logs their information was out 
on the Web, Rust said.

Rust said UW was not going to inform the other 304 people because they 
were not required to by law. The conditions that warrant being contacted 
were not met, he added.

According to Rust, UW was required to inform the original 205 people of 
the possible exposure because there was proof of outsiders visiting the 
site on which information had been posted.

The information was compiled originally to track purchases made at the 
store by UW faculty and staff. Members were required to swipe their UW 
ID card to verify their identity.

Some people were still using old IDs that had their Social Security 
numbers attached to them, and some numbers were placed in the database 
and open to be viewed by anyone.

Rust said up until this point, UW has suggested people exchange their 
old IDs for the new ones that are not attached to their Social Security 
numbers. However, the university will now be informing the old staff 
they must change IDs because the old cards will be voided starting March 
15.

Copyright 1995-2008 Badger Herald, Inc. Some rights reserved.


___________________________________________________      
Subscribe to InfoSec News
http://www.infosecnews.org/mailman/listinfo/isn 



This archive was generated by hypermail 2.1.3 : Thu Jan 31 2008 - 01:07:50 PST