Another University Hit by BreachStudent Information on Server Exposed
The University of Wisconsin-Parkside is notifying approximately 15,000 students about a data breach after the campus IT staff, while performing routine maintenance, discovered that hackers had installed malware on one of the university's servers.
The breach is just the latest in a long string of cybersecurity incidents at U.S. colleges and universities (see: University Breaches: A Continuing Trend).
Information potentially compromised in the breach at the Wisconsin university includes names, addresses, telephone numbers, e-mail addresses and Social Security numbers of students who were admitted or enrolled at the university since fall 2010, according to a March 27 statement.
Upon discovering the malware, the affected server was immediately shut down, the university said. The incident was reported to campus police and the University of Wisconsin System legal counsel. The university also hired computer security consultant 403 Labs and launched an investigation to determine the source and extent of the security breach.
The investigation so far has not found the source of the malware or determined who gained unauthorized access, the university says. Investigators found evidence indicating that the attacker's motive was not identity theft and have found no proof of attempts to download names or Social Security numbers. According to an FAQ, the malware was most likely written to look for payment systems, the forensic firm says.
"UW-Parkside takes the security of all data, especially the personal information of its students, extremely seriously," says Ilya Yakovlev, UW-Parkside's chief information officer. "We believe the chance of sensitive data falling into the wrong hands is remote. At the same time, we have a responsibility to move quickly, conduct a thorough investigation, and ensure that this does not happen again."
In a statement sent to Information Security Media Group March 28, John Mielke, director of communications at the university, says the university is assisting affected individuals in the process of obtaining credit reports at no charge and encouraging them to monitor those reports and other financial statements.
Mielke also confirmed that the university has a chief information security officer.