Boston College, Calif. State University computers hacked
School officials say the hackers apparently weren't after personal data
Computerworld - A computer used for fund-raising activities at Boston College was hacked into last week, initially raising concerns that personal information, including Social Security numbers, of some 120,000 alumni might have been compromised.
Although BC alerted the affected alumni to the breach, the college is now sure that no personal data was stolen, said BC spokesman Jack Dunn.
The break-in at BC is the second such incident to be reported this week by a university. On Monday, officials at California State University in Chico disclosed that hackers had broken into a housing and food service system containing personal information -- including the names and Social Security numbers -- of about 59,000 current, former and prospective students, faculty and staff.
A statement on the school's Web site said the intruders apparently installed rootkit software on the system for storing music, movie and game files. They also attempted to break into other university computers, the school said.
At BC, Dunn said the hacker planted a program that would launch attacks against other computers.
"Last week, our IT department discovered a security breach on a computer that was managed by a third-party vendor and located in our student calling center," Dunn said. "During a routine monitoring of the computers, IT noticed a spike in activity on this particular computer, and when they discovered the breach, they immediately took the computer off-line, secured the breach and launched an extensive computer forensics investigation."
Dunn said the investigation concluded that the computer wasn't targeted to access personal information but to allow the hacker to launch remote attacks.
"IT has done a thorough investigation, and they have determined the personal information, including Social Security numbers, was not accessed," Dunn said. "But given the seriousness of the issue, we decided to send out the precautionary advisories to all of our alumni on the computer, and we offered guidelines they should consider to insure their privacy."
BC is now purging all Social Security numbers from this computer and will no longer use Social Security numbers as alumni identifiers, Dunn said. He said the school will institute a new identification system.
Dunn said BC has contacted local law enforcement but has not yet contacted state or federal authorities.
In California, officials at California State University are now notifying each person whose name and Social Security number was on the system in accordance with state law. There is no indication that the hackers were targeting confidential information, school officials said.
The compromised system has been "rebuilt and secured," and has been put back onto the university's network. The system is now being reviewedby an outside security firm.
News of the breach comes just as the university has put in place plans to use a new randomly assigned nine-digit ID number for students and employees instead of Social Security numbers.
Read more about Security in Computerworld's Security Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts