[ISN] Hackers again hit CU

InfoSec News isn at c4i.org
Wed Aug 3 06:04:39 EDT 2005


By Felisa Cardona 
Denver Post Staff Writer  
A computer security breach at the University of Colorado at Boulder
has left all 29,000 students, some former students and as many as
7,000 staff members vulnerable to identify theft, the school warned
Monday evening.
Hackers gained access to information on the CU-Boulder identification
Buff OneCard used by students. The card contains Social Security
numbers, names and photographs.

The incident marks the third computer security breach at CU-Boulder
since July 21.

Although the potential for identity theft exists, there is no evidence
that the personal information was stolen or used, and no financial
information was affected, campus officials said.

The Buff OneCard is used for identification purposes and to gain
access to campus buildings, residence halls and laboratories.

The breach was reported to the information technology department on
Wednesday. The servers were isolated and taken off line.

The unauthorized access was detected because IT officials were on high
alert after attacks July 21 on computers at the Wardenburg Health
Center and the Visual Resource Center of the College of Architecture
and Planning, said Dan Jones, IT security coordinator for CU-Boulder.  
Those incidents affected 42,000 people.

A forensic investigation is underway.

"It's too early to say that it's the same people," Jones said of the
three incidents. "As you can imagine, people were looking at the
systems over the last breach and noticed the system had been behaving

Although a major concern is identity theft, it's common for hackers to
break into a system such as CU's in order to send spam e-mail without
being detected or to use the computer network infrastructure to share
pirated movies and software.

Matt Martin, a graduate student at CU, says he's not too worried about
the incident.

"I've had my Social Security number turned in at the top of term
papers and never worried about it," Martin said. "If somebody wants my
number, they do not have to hack into a system to get it."

Several higher-education campuses across the country, including the
University of California at Berkeley, Boston University and Georgia
Tech, have become targets for computer hackers in recent years.

In response to that, CU decided in April to convert all students'
identification numbers from Social Security numbers to a new unique
student number that cannot be used to obtain or extend credit.

However, there are some campus computer systems that still must
maintain Social Security numbers, Jones said.

Beginning Wednesday, the university will issue Buff OneCard
replacements at no cost in Willard Hall, room 182.

A hotline was established to respond to individual inquiries about the
breach: 303-492-0600.

About 6,000 students who live in residence halls will get new access

Incoming students who are not scheduled to get their Buff OneCards
until the beginning of the fall semester will be given new cards and
were not affected by the breach, university officials said.

More information on the incident is posted at

Staff writer Christopher Ortiz contributed to this report.

More information about the ISN mailing list