BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

MORE information regarding University Alabama Data Breach

From: Henry Brown <hbrown () knology net>
Date: Sat, 14 Feb 2009 06:27:55 -0600
http://www.tuscaloosanews.com/article/20090214/NEWS/902130209/1007?Title=UA_says_probe_continues_of__08_hacking

UA says probe continues of '08 hacking
By Wayne Grayson Staff Writer
Published: Saturday, February 14, 2009 at 3:30 a.m.
Last Modified: Friday, February 13, 2009 at 11:56 p.m.
Someone illegally gained access to 17 computer servers at the University of Alabama in November 2008, a UA official said Friday.
The computer hacking incident is still under investigation and no arrests have been made.
John McGowan, vice provost of information technology at UA, said the servers did not contain any student or medical records.
McGowan said the intrusion was discovered shortly after the hacker was finished. Law enforcement agencies, including the UA Police Department, were notified and the rest of the university's servers were scanned for any intrusions.
The servers had a database containing 37,000 records of lab data. They contain the names, addresses, birthdates and Social Security numbers of each person who has had lab work, such as a blood or urine test, done on the UA campus since 1994.
The hacker is believed to have gained access to the servers by performing a random scan of the university's network, McGowan said. Once a vulnerable server was found, the hacker attacked and upon finding nothing of interest, left, he said.
The forensic investigation concluded that the hacker was not in the system long enough to retrieve any confidential information, McGowan said.
The Friday announcement came in a letter addressed to all of those with information on the servers, asking them to place a fraud alert on their credit files and check bank accounts for unusual activity.
"While we have no indication that any of your personal information has been retrieved or used inappropriately, we are bringing this to your attention so that you can be alert to signs of any possible misuse of your information," McGowan said in the letter. 

--




Henry Brown
Information System Security Analyst
OPM/FISD/ITP/ACIT/SPT
256-489-4928




_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)

CREDANT Technologies, a leader in data security, offers advanced data encryption solutions.
Protect sensitive data on desktops, laptops, smartphones and USB sticks transparently 
across your enterprise to ensure regulatory compliance.
http://www.credant.com/stopdataloss
Previous By Date Next
Previous By Thread Next

Current thread: