University of Missouri reports computer security breach



The University of Missouri and law enforcement are investigating a recent attack on a database by an unknown computer hacker or hackers that allowed retrieval of names and Social Security numbers of 22,396 individuals associated with the University. Those affected were employees of any campus within the UM System during calendar year 2004 who were also current or former students at the Columbia campus.



The University of Missouri takes this breach very seriously and is working to alert the individuals whose information was improperly accessed, including instructions about how they may monitor their credit reports for suspicious activity. The University has been and will continue to work diligently to secure confidential data held in its computer systems. We are also working closely with law enforcement in our investigation of this event.



The university’s information technology staff first noted unusual activity on a computer application last Thursday, May 3. On Friday morning, May 4, UM technicians identified a large series of errors caused by faulty queries to the application and an associated database. These errors were first assumed to be caused by a problem with a system used to track computer help desk repair calls using the same database. The attack was confirmed by UM technicians that same day. They disabled the account that was being used by two overseas IP addresses to access the database from China and Australia. The vulnerable Web application is no longer available online.



An investigation was immediately launched, including a reconstruction of how the attack happened. Results were analyzed during the weekend and a list of the thousands of affected individuals was compiled. On Monday morning, May 7, MU Police were notified of the attack, and they immediately contacted the FBI to join the ongoing investigation.



The hacker got the 2004 information through a web page used to make queries about the status of trouble reports to the university’s Information Technology Help Desk based in Columbia. The information from 2004 had been compiled for a report and the resulting data was not subsequently removed from the computer system.



The hacker was able to reach the information by making thousands of queries over a span of hours, allowing the identities to be exposed one at a time. Records show the first attack entry from an IP address in China happened at 5:26 a.m. on Thursday, May 3. The last attack entry from the address in China came at 9:34 a.m. on Friday, May 4. The first attack entry from the IP address in Australia happened at 11:07 a.m. on Thursday, May 3, and the last attack from that address came at 7:28 a.m. on Friday, May 4.



The university is alerting individuals whose information was disclosed that they should request a free initial fraud alert to be placed on their credit files by calling any one of the three national credit reporting agencies – Equifax, Experian or TransUnion.



The university has also set up a telephone hotline and a web page to provide more information. The hotline may be called between 8 a.m. and 5 p.m., Monday through Friday. The toll-free number is 866-241-5619, and the local number in Columbia is 573-884-7222.



The Computer Security web page, including a question-and-answer section regarding this event and ways to contact the major credit reporting agencies, is http://doit.missouri.edu/computersecurity.



Questions from the media should be directed to the Office of University Communications at 573-882-4591.

Those affected include employees of any campus within the UM system during calendar year 2004 who were also current or former students at the Columbia campus.