UW-Madison warns 60,000 of card data theft

[Jake Kouns <jkouns () opensecurityfoundation org>]

http://host.madison.com/wsj/news/local/education/university/article_f5966aac-0408-11e0-af11-001cc4c03286.html

Records with the names and identification card numbers of 60,000
people affiliated with UW-Madison were hacked into, compromising
Social Security numbers.
UW-Madison became aware of the problem Oct. 26 and notified the mostly
former students, faculty and staff members in a letter dated Nov. 30,
said UW-Madison spokesman John Lucas.

One of the files in the Wiscard system, which is administered through
the Wisconsin Union, contained old university photo IDs that had
social security numbers embedded in the ID number along with
corresponding cardholder names. No other personal identification
information was contained in the files.

"Before privacy was taken as seriously as it is today, a student's
Social Security number was embedded inside that ID card number," Lucas
said.

An investigation by UW-Madison's Division of Information Technology
and office of computer security found nothing to suggest that anyone
had downloaded or used the information in any unauthorized way, Lucas
said. The identities of those who obtained unauthorized access remain
unknown.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Learn encryption strategies that manage risk and shore up compliance.
Download Article 1 of CREDANT Technologies' The Essentials Series:
Endpoint Data Encryption That Actually Works
http://credant.com/campaigns/realtime2/gap-LP1/