Boston College, Calif. State University computers hacked

Computerworld - A computer used for fund-raising activities at Boston College was hacked into last week, initially raising concerns that personal information, including Social Security numbers, of some 120,000 alumni might have been compromised.
Although BC alerted the affected alumni to the breach, the college is now sure that no personal data was stolen, said BC spokesman Jack Dunn.
The break-in at BC is the second such incident to be reported this week by a university. On Monday, officials at California State University in Chico disclosed that hackers had broken into a housing and food service system containing personal information -- including the names and Social Security numbers -- of about 59,000 current, former and prospective students, faculty and staff.
A statement on the school's Web site said the intruders apparently installed rootkit software on the system for storing music, movie and game files. They also attempted to break into other university computers, the school said.
At BC, Dunn said the hacker planted a program that would launch attacks against other computers.
"Last week, our IT department discovered a security breach on a computer that was managed by a third-party vendor and located in our student calling center," Dunn said. "During a routine monitoring of the computers, IT noticed a spike in activity on this particular computer, and when they discovered the breach, they immediately took the computer off-line, secured the breach and launched an extensive computer forensics investigation."
Dunn said the investigation concluded that the computer wasn't targeted to access personal information but to allow the hacker to launch remote attacks.
"IT has done a thorough investigation, and they have determined the personal information, including Social Security numbers, was not accessed," Dunn said. "But given the seriousness of the issue, we decided to send out the precautionary advisories to all of our alumni on the computer, and we offered guidelines they should consider to insure their privacy."
BC is now purging all Social Security numbers from this computer and will no longer use Social Security numbers as alumni identifiers, Dunn said. He said the school will institute a new identification system.
Dunn said BC has contacted local law enforcement but has not yet contacted state or federal authorities.
In California, officials at California State University are now notifying each person whose name and Social Security number was on the system in accordance with state law. There is no indication that the hackers were targeting confidential information, school officials said.
The compromised system has been "rebuilt and secured," and has been putback onto the university's network. The system is now being reviewed by an outside security firm.
News of the breach comes just as the university has put in place plans to use a new randomly assigned nine-digit ID number for students and employees instead of Social Security numbers.

Read more about security in Computerworld's Security Knowledge Center.