Boston College, Calif. State University computers hacked
School officials say the hackers apparently weren't after personal data
Computerworld - A computer used for fund-raising activities at Boston College was hacked into last week, initially raising concerns that personal information, including Social Security numbers, of some 120,000 alumni might have been compromised.
Although BC alerted the affected alumni to the breach, the college is now sure that no personal data was stolen, said BC spokesman Jack Dunn.
The break-in at BC is the second such incident to be reported this week by a university. On Monday, officials at California State University in Chico disclosed that hackers had broken into a housing and food service system containing personal information -- including the names and Social Security numbers -- of about 59,000 current, former and prospective students, faculty and staff.
A statement on the school's Web site said the intruders apparently installed rootkit software on the system for storing music, movie and game files. They also attempted to break into other university computers, the school said.
At BC, Dunn said the hacker planted a program that would launch attacks against other computers.
"Last week, our IT department discovered a security breach on a computer that was managed by a third-party vendor and located in our student calling center," Dunn said. "During a routine monitoring of the computers, IT noticed a spike in activity on this particular computer, and when they discovered the breach, they immediately took the computer off-line, secured the breach and launched an extensive computer forensics investigation."
Dunn said the investigation concluded that the computer wasn't targeted to access personal information but to allow the hacker to launch remote attacks.
"IT has done a thorough investigation, and they have determined the personal information, including Social Security numbers, was not accessed," Dunn said. "But given the seriousness of the issue, we decided to send out the precautionary advisories to all of our alumni on the computer, and we offered guidelines they should consider to insure their privacy."
BC is now purging all Social Security numbers from this computer and will no longer use Social Security numbers as alumni identifiers, Dunn said. He said the school will institute a new identification system.
Dunn said BC has contacted local law enforcement but has not yet contacted state or federal authorities.
In California, officials at California State University are now notifying each person whose name and Social Security number was on the system in accordance with state law. There is no indication that the hackers were targeting confidential information, school officials said.
The compromised system has been "rebuilt and secured," and has been put back onto the university's network. The system is now being reviewedby an outside security firm.
News of the breach comes just as the university has put in place plans to use a new randomly assigned nine-digit ID number for students and employees instead of Social Security numbers.
Read more about Security in Computerworld's Security Topic Center.
- The Truth About Cloud Security "Security" is the number one issue holding business leaders back from the cloud. But does the reality match the perception?
- Enable secure remote access to 3D data without sacrificing visual perfomance Design and manufacturing companies must adapt quickly to the demands of an increasingly global and competitive economy. To speed time to market for...
- Virtually Delivered High Performance 3D Graphics "A picture is worth a thousand words." That old phrase is as true today as it ever was. Pictures (i.e., those with heavy...
- Best Practices for Securing Hadoop Historically, Apache Hadoop has provided limited security capabilities. To protect sensitive data being stored and analyzed in Hadoop, security architects should use a...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!