Security Event YET ANOTHER!!! djf

[David Farber <dave () farber net>]

Begin forwarded message:

From: Matt Murray <mattm () optonline net>
Date: June 24, 2005 3:29:14 PM EDT
To: Dave Farber <dave () farber net>
Subject: Fw: Security Event
Reply-To: Matt Murray <mattm () optonline net>


From the University of Connecticut.

Matt Murray

mattm () optonline net

----- Original Message ----- From: "Michael.Kerntke () Uconn Edu"
To: <my UConn email address>
Sent: Friday, June 24, 2005 1:30 PM
Subject: Security Event



> Dear UConn Community Member,
>
> On June 20, 2005 University Information Technology Services received
> notification from a non-University corporation that an invalid logon
> attempt had originated from a computer within the University of
> Connecticut domain.  This automated notification was investigated  
> by UITS
> technical staff and it was discovered that a hacking incident had
> resulted in an unauthorized program, known as a rootkit, being  
> installed
> on a UITS data center server.
>
> After further investigation it was determined that this server  
> contained
> personal data for 72,000 individuals that possessed or had been  
> issued a
> UConn NetId since October 26, 2003. This data was potentially at  
> risk of
> being compromised by the hacker. The data being maintained for these
> individuals include Social Security Number, Name, Date of Birth,
> University Address, University Phone Number and Department Name.   
> Based
> on forensic analysis there is no indication that any of the data on  
> the
> machine was actually compromised - only that the opportunity for  
> someone
> to access it existed.
>
> While we have no indication that any of the information maintained on
> the server has been compromised we are encouraging members of the
> University community to monitor financial records over the next  
> several
> months carefully.  You may decide to place a fraud alert with the  
> three
> national credit reporting agencies.  A fraud alert does not affect  
> your
> credit score or your credit rating. When a fraud alert is placed on  
> your
> credit report, credit companies should contact you before approving  
> a new
> application for credit under your name. The three credit reporting
> agencies are able to respond to your concerns regarding fraud  
> alerts and
> their impacts.  Thanks to a new federal law, consumers can get one  
> free
> credit report per year from each of the three national credit bureaus:
> Equifax, Experian and Trans Union.  Contact information for these  
> will be
> available via the web site, noted below, that is devoted to this
> incedent.
>
> If, after a review of your credit report, you believe a crime
> (fraud/identity theft) has been committed against you as a result  
> of this
> incident, you should report your crime to your local law enforcement
> agency.
>
> In order to answer any questions that you may have regarding this
> incident a special phone line, 486-1988 (toll free 1-888-464-8266),  
> has
> been activated and will be monitored by the IT Security Office. We  
> have
> also created a web site, incident.uconn.edu, which will provide
> additional information and updates regarding this incident which is  
> being
> investigated by UConn Police.  You may also phone the UITS Help  
> Center at
> 486-HELP, for assistance in locating various resources that you may  
> need.
> We will provide additional information to you as it becomes available.
>
> This represents the University's official notification to you  
> regarding
> this incident.  As a further security measure be advised that the
> University will not be soliciting further information from you. As
> always, caution should be taken with regard to any future request  
> made to
> you regarding your personal information.  To ensure timely  
> distribution
> of this notice, we are also notifying Connecticut media of this  
> incedent.
>
> We regret any inconvenience that this incident may cause and are  
> working
> hard to ensure that such an incident won't reoccur.
>
> Sincerely,
>
>
> Michael Kerntke
> Chief Information Officer
> University of Connecticut



-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/