Go to the mobile version of this Web site.

Login | Contact Us | Site Map | Paid archives | Alerts | Electronic edition | Advertise | Subscribe to the paper | Today's Extras

Breaking News:

Subscribe

Hacker hits CU, puts data of 45,000 students at risk

Aresu Eqbali, Rocky Mountain News

Published May 23, 2007 at midnight

Text size  

More Tech & Telecom

More stories »

An attack on a computer server at the University of Colorado has exposed the names and Social Security numbers of almost 45,000 students.

After the latest campus data breach, the university said it is notifying students enrolled since 2002 and is taking extra security measures.

"Certainly there is human error involved," said Bobby Schnabel, CU-Boulder vice provost for technology. "It's a hard job keeping up with all these security patches that had not been done."

A weak spot in the Symantec anti-virus software had not been fixed by the information technology staff of the College of Arts and Science, the school said in a news release Tuesday.

In the last couple of years, similar incidents involving the exposure of names and Social Security numbers have occurred at the university.

Last December, a server in the Academic Advising Center was the target of hackers. In that case, personal data of 17,500 individuals were exposed.

Schnabel said the hackers did not necessarily target the sensitive data. It is more likely, he said, that they went after the computer server to try to infiltrate other machines outside the university.

Despite more sophisticated measures taken after every incident, holes still exist.

"Unfortunately, in our society it is so hard to protect information 100 percent of the time anywhere," Schnabel said.

The attack was on an individual department, which has fewer safeguards than the university's central system, he said.

Whether the ongoing investigation tracks down the machine used in the computer attack, Schnabel said, the school never will find the actual hacker.

"We have also taken steps to ensure that all sensitive personal data have been removed from our Academic Advising Center servers," said Todd Gleeson, dean of CU's College of Arts and Sciences.

The Privacy Rights Clearinghouse, a nonprofit consumer information and advocacy organization, has found that more than 154 million data records of U.S. residents have been compromised in hacking incidents since January 2005. College campuses account for a big number of those instances.

"The basic question to ask is why have the universities not encrypted those Social Security numbers?" said Beth Givens, director of the Privacy Rights Clearinghouse. The solution, she said, "is obvious and quite simple and not even that costly to encrypt the sensitive part of the data."

Missing data

• February 2005: A Metropolitan State College of Denver employee tells police that a burglar stole a laptop containing the names and Social Security numbers of 93,000 Metro students from his home.

• March 2005: DSW Warehouse announces that bank account and driver's license numbers from 96,000 customers are stolen by data thieves. Customers from three Colorado stores are affected.

• April 2005: A laptop containing the names and Social Security numbers of thousands of current and former MCI employees is stolen from an employee's garage in Colorado Springs.

• August 2005: The University of Colorado at Boulder announces that up to 49,000 people may have been exposed to identity theft during multiple attacks on CU servers by hackers.

• February 2006: Another Metro employee reports a laptop containing student name and social security information stolen, this time from her office.

Staff writer James Paton contributed to this report.

Post your comment

Registration is required. Click here to create your free user account, or login below.

Comments are the sole responsibility of the person posting them. You agree not to post comments that are off topic, defamatory, obscene, abusive, threatening or an invasion of privacy. Violators may be banned. Click here for our full user agreement.




(Forgotten your password?)




News Tip

Know about something we should be reporting? Tell us about it.

Sponsored links



Reprints