Computer Crime Research Center


UConn Personal Data Exposed to Hackers

Date: June 29, 2005

University of Connecticut officials have discovered a 20-month-old security breach of a computer server that contains Social Security numbers and other personal information for about 72,000 members of the university community, the school said Friday.

Officials don't believe that any information was compromised, although there was an opportunity for someone to access it. The violation was discovered this week.

A computer hacker placed a "rootkit" program in the server in October 2003, said university spokesman Michael Kerntke. The program allows hackers to get into a computer and collect information while masking that the system is compromised.

The school said it appears the program failed an attempt to create a "backdoor" to the server that would have allowed the hacker access to the information. The personal information was not in a readable format, the school said.

The server contains names, Social Security numbers, dates of birth, phone numbers and addresses for anyone with a UConn Net ID -- an account that allows access to the school's computer network.

"The nature of the compromise indicates that the server was breached during a broad attack on the Internet and not the target of a direct attack," Kerntke said. "Therefore, the attacker most likely had no knowledge of the kind of data stored on the server."

UConn faculty, staff, students and vendors whose information may have been compromised would be notified by mail, the school said.
Original article

Add comment  Email to a Friend

Copyright © 2001-2013 Computer Crime Research Center
CCRC logo