[Politech] George Mason University reports major online intrusion [priv]

From: Declan McCullagh (declan@private)
Date: Tue Jan 11 2005 - 21:31:16 PST


Also see:
http://news.com.com/Hacker+worries+raise+hackles/2009-1002_3-5517270.html?tag=nefd.lede


---

Subject:
Illegal Intrusion into University Database
From:
"Joy Hughes, Vice President for Information Technology" <announce@private>
Date:
Sun, 09 Jan 2005 14:08:49 -0500
To:
ANNOUNCE04-L@private

To:  Mason Community

From:  Joy Hughes, Vice President for Information Technology

Subject: Illegal Intrusion into University Database

The university server containing the information relating to Masonís ID
cards was illegally entered by computer hackers.  The server contained
the names, photos, social security numbers and G numbers of all members
of the Mason community who have identification cards.

The intruder installed tools on the ID server that allowed other campus
servers to be probed.  An Information Technology Unit staff member
noticed the attack while reviewing system files as part of the
universityís internal controls procedures, and traced it back to the ID
server. The compromised ID server was disconnected from the network and
is no longer accessible.  The police are currently investigating the
break-in.  The university is subject to dozens of probes and attacks
each day.

There is no evidence that any of the data available on the Mason ID
server has yet been used illegally.  It appears that the hackers were
looking for access to other campus systems rather than specific data.
However, it is possible that the data on the server could be used for
identity theft.

Following are steps each of us should take to minimize the likelihood of
  ID theft from this, or any other similar incident.

     - Contact any of the three major credit bureaus to place a fraud
alert on your credit file.  The fraud alert advises new and potential
creditors that they should contact you before opening any new accounts
in your name.  Additionally your existing creditors are advised that
they should contact you prior to making any changes (e.g. credit limit
change) in your account.  Once you notify one credit bureau, the fraud
alert will be sent automatically to the other two.  All three bureaus
will send you credit reports free of charge once they receive the fraud
alert. The three credit bureaus can be contacted as follows:

     Transunion
     1-800-680-7289
     www.transunion.com

     Equifax
     1-800-525-6285
     www.equifax.com

     Experian
     1-888-397-3742
     www.experian.com

     - Continue to check all your accounts on a regular basis for
unusual activity.

     - The Federal Trade Commission Identity Theft Hotline gives a good
overview of what to do when you think your information may have been
stolen but have no evidence that it is being used.  The number is
1-877-438-4338.  Press #3. The Federal Trade Commission also has a
website with extensive information about identity theft at
www.ftc.gov/idtheft.


If you have further questions, please call 3-8116.  The universityís IT
Security Coordinator Cathy Hubbs is monitoring this line and will ensure
that your message is immediately forwarded to the most appropriate person.

We understand that taking these steps is inconvenient, and regret that
the server attack makes it necessary.  While it seems unlikely from the
evidence currently available that identity theft has occurred, it is
important to take these protective actions.  We will share any further
information about the intrusion and its effects as soon as it becomes
available.

_______________________________________________
Politech mailing list
Archived at http://www.politechbot.com/
Moderated by Declan McCullagh (http://www.mccullagh.org/)



This archive was generated by hypermail 2.1.3 : Tue Jan 11 2005 - 22:12:12 PST