[ISN] Hackers hit college computer system - Identity theft fears at
Sonoma State
InfoSec News
isn at c4i.org
Wed Aug 10 02:34:34 EDT 2005
http://sfgate.com/cgi-bin/article.cgi?f=/c/a/2005/08/09/BAGLJE50C81.DTL
Stacy Finz
Chronicle Staff Writer
August 9, 2005
Hackers have broken into Sonoma State University's computer system,
where they had access to the names and Social Security numbers of
61,709 people who either attended, applied, graduated or worked at the
school from 1995 to 2002, university officials disclosed Monday.
So far, there have been no reports of identify theft that can be
linked to the break-in, which happened in July.
It was initially believed by the university's technical staff to be a
virus, but it turned out to be the latest in what has become a
nationwide security problem on college campuses.
Last year, hackers gained access to more than 178,000 names and Social
Security numbers of present and past San Diego State University
students. Similar incidents were reported that year at colleges across
California and in Georgia, Texas and New York.
Jean Wasp, a spokeswoman for Sonoma State, said campus administrators
don't believe the exposed data was stolen. Nonetheless, they are using
e-mails to notify as many people as they can locate addresses for --
nearly 6,000 so far -- about the security breach. She said the
university was hoping that the remaining 61,709 would learn of the
break-in from news reports. The campus, located in Rohnert Park, is
required by law to publicize the fact that the files were compromised.
"We don't think (the hackers) took anything," Wasp said. "We don't
really know what they were doing. They could have been using our
system just to attack another system."
Katharyn Crabbe, vice president for student affairs and enrollment at
Sonoma State, said the intruder had found a weakness in a Microsoft
Windows operating system that allowed access to seven workstations
containing the confidential information. Then, the hacker used the
school's system to break into other workstations outside the
university.
"All we know is that someone was in the room, so to speak," she said.
As soon as university officials realized what was happening, they
cleaned out the workstations to prevent the hacker from returning, and
they are working with Microsoft to repair the weakness in the
software, Crabbe said.
The compromised data did not contain bank and financial information,
credit card or driver's license numbers, she said.
Sonoma State urged anyone whose information could have been breached
to contact one of the three national credit-reporting agencies to
start a free fraud-alert process. More information about how to go
about the procedure has been posted on the school's Web site at
www.sonoma.edu/uaffairs/incident.
Colleen Bentley-Adler, spokeswoman for the California State University
chancellor's office, said at least 10 of their campuses had
experienced these types of computer break-ins.
One of the steps the university system is taking is dropping the use
of Social Security numbers and instead assigning students and staff
unique identifiers.
"I think it's impossible to completely stop it from happening," she
said. "But we're doing everything we can to make it more difficult."
More information about the ISN
mailing list