Tis is getting monotonous -- date thief at UT- Austin

[Dave Farber <dave () farber net>]

On Sunday, March 2 at 7:20 p.m., computer systems personnel at UT Austin
discovered a computer malfunction. The affected computer system was
immediately shut down, and detailed analysis was begun.

What happened?

The malfunction was assessed to be the result of a deliberate attack from
the Internet. Subsequent analysis revealed that a security weakness in an
administrative data reporting system was exploited by writing a program to
input millions of Social Security numbers. Those SSNs that matched selected
individuals in a UT database were captured, together with e-mail address,
title, department name, department address, department phone number, and
names/dates of employee training programs attended. It is important to note
that no student grade or academic records, or personal health or insurance
information was disclosed.

Is there evidence that the stolen data have been misused or disseminated?

UT, in conjunction with the U.S. Attorney¹s Office, the U.S. Secret Service,
and other law enforcement agencies, has focused its efforts since Sunday
evening on identifying the perpetrator(s) of the break-in and recapturing
the stolen data. To date there is no evidence that the stolen data have been
distributed beyond the computer(s) of the perpetrator(s).

What is UT doing about this?

UT¹s highest priority has been to identify the source of the attack and to
cooperate with law enforcement authorities to capture the perpetrator(s),
and any associated computers and data. Our second priority will be to assess
the extent of further data exposure ­ if any ­ and to establish a proactive
communication program with affected individuals and the UT community.

How many individual records were exposed?

Approximately 55,200 individuals had some of the above data exposed. This
group includes current and former students, current and former faculty and
staff, and job applicants.

How will affected individuals be notified?

The University is currently developing a communication plan and will contact
affected individuals as soon as possible. At this juncture, there is no
evidence that the data have been further exposed or misused.

Comments or questions sent to datatheft () its utexas edu will reach the UT
Incident Response Team. (Do not send your Social Security number in any
e-mail message.)

UT regrets this incident and commits to do whatever is required to ensure
the integrity of the data of all our past and present colleagues.

Daniel A. Updegrove
Vice President for Information Technology
The University of Texas at Austin

-------------------------------------
You are subscribed as interesting-people () lists elistx com
To manage your subscription, go to
  http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/