Joined: Mon 09-06-2004 7:51PM Posts: 1916 Location: The B Barn
Source: MST-WPA Wireless
Quote:
University of Missouri reports computer security breach
The University of Missouri and law enforcement are investigating a recent attack on a database by an unknown computer hacker or hackers that allowed retrieval of names and Social Security numbers of 22,396 individuals associated with the University. Those affected were employees of any campus within the UM System during calendar year 2004 who were also current or former students at the Columbia campus.
The University of Missouri takes this breach very seriously and is working to alert the individuals whose information was improperly accessed, including instructions about how they may monitor their credit reports for suspicious activity. The University has been and will continue to work diligently to secure confidential data held in its computer systems. We are also working closely with law enforcement in our investigation of this event.
The university’s information technology staff first noted unusual activity on a computer application last Thursday, May 3. On Friday morning, May 4, UM technicians identified a large series of errors caused by faulty queries to the application and an associated database. These errors were first assumed to be caused by a problem with a system used to track computer help desk repair calls using the same database. The attack was confirmed by UM technicians that same day. They disabled the account that was being used by two overseas IP addresses to access the database from China and Australia. The vulnerable Web application is no longer available online.
An investigation was immediately launched, including a reconstruction of how the attack happened. Results were analyzed during the weekend and a list of the thousands of affected individuals was compiled. On Monday morning, May 7, MU Police were notified of the attack, and they immediately contacted the FBI to join the ongoing investigation.
The hacker got the 2004 information through a web page used to make queries about the status of trouble reports to the university’s Information Technology Help Desk based in Columbia. The information from 2004 had been compiled for a report and the resulting data was not subsequently removed from the computer system.
The hacker was able to reach the information by making thousands of queries over a span of hours, allowing the identities to be exposed one at a time. Records show the first attack entry from an IP address in China happened at 5:26 a.m. on Thursday, May 3. The last attack entry from the address in China came at 9:34 a.m. on Friday, May 4. The first attack entry from the IP address in Australia happened at 11:07 a.m. on Thursday, May 3, and the last attack from that address came at 7:28 a.m. on Friday, May 4.
The university is alerting individuals whose information was disclosed that they should request a free initial fraud alert to be placed on their credit files by calling any one of the three national credit reporting agencies – Equifax, Experian or TransUnion.
The university has also set up a telephone hotline and a web page to provide more information. The hotline may be called between 8 a.m. and 5 p.m., Monday through Friday. The toll-free number is 866-241-5619, and the local number in Columbia is 573-884-7222.
The Computer Security web page, including a question-and-answer section regarding this event and ways to contact the major credit reporting agencies, is http://doit.missouri.edu/computersecurity.
Questions from the media should be directed to the Office of University Communications at 573-882-4591.
Contact: Scott Charton Office: 573-882-4591 Cell: 573-864-9672 Email: chartons@umsystem.edu
Joined: Tue 08-15-2006 5:14PM Posts: 125 Location: tj north
Source: TJ North
Quote:
The university is alerting individuals whose information was disclosed that they should request a free initial fraud alert to be placed on their credit files by calling any one of the three national credit reporting agencies – Equifax, Experian or TransUnion.
Joined: Wed 04-17-2002 3:51AM Posts: 370 Location: On campus.
Source: Bureau of Mines #1
I got the email saying I was fucked earlier today. But then 2 subsequent emails say:
Quote:
Those affected include employees of any campus within the UM system during calendar year 2004 who were also current or former students at the Columbia campus.
I never took any classes at the Columbia campus. But they say those affected "include" rather than those affected "are", so I'm probably still fucked.
The e-mail posted in this thread was sent out to everyone. If you received an e-mail earlier this morning specifically stating that you were affected, yes, you are indeed fucked. But if you didn't get that, you're fine.
BTW, since some people love playing the blame game, this is the fault of someone up at Mizzou, and not UMR.
this is the fault of someone up at Mizzou, and not UMR.
of course it was mizzou. our IT department couldn't possibly mess up
They've messed up before, but not this badly
Unfortunately, so much of our crap does run through UM's systems (Peoplesoft, helpdesk ticket system, and I believe Blackboard, plus a bunch of apps used by staff here that students never see), and based on what I've seen working here, their IT department isn't nearly as, shall we say, competent, as UMR's is. This is an excellent example.
I am writing to you because on May 3 and May 4, 2007, a database containing the names and Social Security Numbers of certain current and former University staff was accessed by an unknown individual or individuals who gained unauthorized online access to a University computer system. Your name and Social Security Number were included in this disclosure.
We do not know the specific purpose behind this unauthorized access, but evidence indicates that the information was accessed intentionally. The University considers this a serious matter and has notified law enforcement authorities.
Although we have no reason to believe that an unauthorized person is using your personal information, because the database contained your Social Security Number you may want to take steps to avoid possible identity theft. This could include placing a fraud alert on your credit files to let creditors know to contact you before opening new accounts. You can do this by calling any one of the three credit reporting agencies listed below.
Experian Equifax TransUnion
888-397-3742 800-525-6285 800-680-7289
You may also wish to check your credit report. You can get a free copy of your credit report at http://www.annualcreditreport.com or by calling 877-322-8228. When you receive your credit report, look it over carefully for accounts you did not open. Look for inquiries from creditors that you did not initiate and look for personal information, such as home address and Social Security Number, that is not accurate. If you see anything you do not understand, call the credit reporting agency at the telephone number on the report.
If you do find suspicious activity on your credit report, call your local police or sheriff’s office and file a police report of identity theft. You should get a copy of the police report in case it is needed to give to creditors to clear up your records. You should also contact the Missouri Attorney General’s Identity Theft Hotline at 800-392-8222 and file an Identity Theft Complaint Form with the Attorney General’s Office.
Even if you do not find any signs of fraud on your reports, you may want to check your credit report every three months for the next year. You can find additional information on the Missouri Attorney General’s website at http://www.ago.mo.gov/publications/idtheft.htm, and on the Federal Trade Commission’s website on identity theft at http://www.ftc.gov/bcp/edu/microsites/idtheft.
We deeply regret that this occurred and are reviewing systems, applications, and procedures in an attempt to remove the possibility of an event of this nature recurring.
In order to answer any questions that you may have regarding this incident a special phone line, (573) 884-7222 or toll-free (866) 241-5619 has been activated and will be answered from 8 AM to 5 PM CST, Monday through Friday. Additional information about this security incident is available at http://doit.missouri.edu/computersecurity.
Sincerely,
Gary K. Allen, DVM, PhD
Vice President for Information Technology, University of Missouri System
Chief Information Officer, University of Missouri-Columbia
_________________ Invention, my dear friends, is 93 percent perspiration, six percent electricity, four percent evaporation and two percent butterscotch ripple.
Users browsing this forum: No registered users and 0 guests
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum
Login
Register
FAQ
Search
