CU computer hacked, 45k student names, S.S. numbers exposed
May 23, 2007
DENVER (AP) ” A hacker broke into a computer server at the University of Colorado College of Arts and Sciences’ Academic Advising Center, exposing the names and Social Security numbers of nearly 45,000 students, officials said Tuesday.
University officials were sending letters notifying students enrolled at CU-Boulder from 2002 until the present that their information was compromised.
Computer security investigators on May 12 discovered a worm had entered the server through a vulnerability in its antivirus software, which had not been properly patched by Arts and Sciences Advising Center’s IT staff, according to a CU statement.
“The server’s security settings were not properly configured and its sensitive data had not been fully protected,” said Bobby Schnabel, CU-Boulder vice provost for technology, said in a statement. “Through a combination of human and technical errors, these personal data were exposed, although we have no evidence that they were extracted.”
Investigators believe the hacker was seek to take control of the machine to allow it to infiltrate other computers and wasn’t seeking personal data.
Todd Gleeson, dean of CU-Boulder’s College of Arts and Sciences, said he would request that all Arts and Sciences Advising Center IT operations be placed under the direct central control of CU’s Information Technology Services department.