Boston College, Calif. State University computers hacked
School officials say the hackers apparently weren't after personal data
Computerworld - A computer used for fund-raising activities at Boston College was hacked into last week, initially raising concerns that personal information, including Social Security numbers, of some 120,000 alumni might have been compromised.
Although BC alerted the affected alumni to the breach, the college is now sure that no personal data was stolen, said BC spokesman Jack Dunn.
The break-in at BC is the second such incident to be reported this week by a university. On Monday, officials at California State University in Chico disclosed that hackers had broken into a housing and food service system containing personal information -- including the names and Social Security numbers -- of about 59,000 current, former and prospective students, faculty and staff.
A statement on the school's Web site said the intruders apparently installed rootkit software on the system for storing music, movie and game files. They also attempted to break into other university computers, the school said.
At BC, Dunn said the hacker planted a program that would launch attacks against other computers.
"Last week, our IT department discovered a security breach on a computer that was managed by a third-party vendor and located in our student calling center," Dunn said. "During a routine monitoring of the computers, IT noticed a spike in activity on this particular computer, and when they discovered the breach, they immediately took the computer off-line, secured the breach and launched an extensive computer forensics investigation."
Dunn said the investigation concluded that the computer wasn't targeted to access personal information but to allow the hacker to launch remote attacks.
"IT has done a thorough investigation, and they have determined the personal information, including Social Security numbers, was not accessed," Dunn said. "But given the seriousness of the issue, we decided to send out the precautionary advisories to all of our alumni on the computer, and we offered guidelines they should consider to insure their privacy."
BC is now purging all Social Security numbers from this computer and will no longer use Social Security numbers as alumni identifiers, Dunn said. He said the school will institute a new identification system.
Dunn said BC has contacted local law enforcement but has not yet contacted state or federal authorities.
In California, officials at California State University are now notifying each person whose name and Social Security number was on the system in accordance with state law. There is no indication that the hackers were targeting confidential information, school officials said.
The compromised system has been "rebuilt and secured," and has been put back onto the university's network. The system is now being reviewedby an outside security firm.
News of the breach comes just as the university has put in place plans to use a new randomly assigned nine-digit ID number for students and employees instead of Social Security numbers.
Read more about Security in Computerworld's Security Topic Center.
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts