Go to the mobile version of this Web site.

Login | Contact Us | Site Map | Paid archives | Electronic edition | Subscription Questions | Extras

HomeNewsLocal News

CU server hacked, 45,000 IDs at risk

Published May 22, 2007 at midnight

Text size  

A computer server at the University of Colorado's College of Arts and Sciences' Academic Advising Center was hacked, and 44,998 student names and Social Security numbers were exposed.

The students, enrolled at CU-Boulder from 2002 to the present, are being notified by the University of Colorado at Boulder's College of Arts and Sciences.

CU-Boulder IT security investigators on May 12 discovered that the worm entered the server through a vulnerability in its Symantec anti-virus software. That vulnerability had not been properly patched by Arts and Sciences Advising Center IT staff, according to a statement. CU-Boulder IT security investigators do not believe the hacker who launched the worm was seeking personal data, but rather was attempting to take control of the machine to allow it to infiltrate other computers both on-and-off the CU-Boulder campus.

"The server's security settings were not properly configured and its sensitive data had not been fully protected," said Bobby Schnabel, CU-Boulder vice provost for technology, said in a statement. "Through a combination of human and technical errors, these personal data were exposed, although we have no evidence that they were extracted."

Todd Gleeson, dean of CU-Boulder's College of Arts and Sciences, said he would request that all Arts and Sciences Advising Center IT operations be placed under the direct central control of CU's Information Technology Services department. He said all of the students whose data were exposed are being notified through letters from the college mailed to their homes.