University of Connecticut server breached

By

A server containing personal data of 72,000 students, faculty, and staff at the University of Connecticut was breached by a hacker that exploited an vulnerability in the system.

Although university officials said there is no indication that personal information on the server - including Social Security numbers -was actually accessed in the breach, they are notifying all who were affected.


The intrusion occurred on Oct. 26 last year, but was not detected until June 20. The intruder took advantage of an unknown security flaw in the data center server to install a rootkit program, officials said.

"The nature of the compromise indicates that the server was breached during a broad attack on the internet and not the target of a direct attack. Therefore, the attacker most likely had no knowledge of the kind of data stored on the server," UConn CIO Michael Kerntke said in a statement.

According to UConn, the personal information on the server was not in readable format and the attacker's attempt to install a backdoor for later access failed.

The server contained personal data for anyone who had a UConn Net ID - an account that allows access to University technology resources such as email addresses.

In light of the breach, UConn said it is reviewing its dependence on Social Security numbers as a unique identifier and implementing tighter network access controls.

The incident is just the latest in a series of breaches at universities across the U.S., including Stanford, U.C. Berkeley and Purdue.

www.uconn.edu

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Log In

  |  Forgot your password?