The University of Colorado at Boulder said that a computer belonging to the Division of Continuing Education and Professional Studies was compromised, leaving people open to potential identity theft. The computer had personal data, including names, Social Security numbers, addresses and grades of as many as 9,500 people.
This latest incident follows recent ones at the University of Massachusetts in Boston, where hackers breached the computer system used by UMass Amherst's Health Services, potentially exposing medical records; and at Southern Connecticut State University in New Haven, where
11,000 current and former students' Social Security numbers may have been compromised.
In Colorado, an analysis of the data compromise is being conducted by a computer forensics firm hired by the university, the university said. The data compromise affects students who were enrolled between 1997 and 2003, as well as some instructors.
“I am deeply troubled that this compromise occurred despite efforts underway across campus to address computer security,” said University of Colorado Chancellor G.P. “Bud” Peterson. “We will continue and strengthen our efforts.”
Greg Stauffer, spokesman for IT services at the school, told SCMagazineUS on Monday that, “A lot of personal information has to be collected as a matter of course at a university. We regularly scan our computers to see if any exposures exist. Unfortunately, we found some [information] that had not been properly deleted.”
In addition, security investigators discovered a malicious file on April 24 and began analyzing log files to determine the extent of the exposure and whether any information was accessed, he said. The investigators are still trying to determine the intent of the malicious file and whether it allowed perpetrators to gain access to any private data.
See original article on scmagazineus.com