Computerworld - The University of Notre Dame in Indiana is investigating an apparent hack of a university server that may have exposed confidential data belonging to an undisclosed number of donors to the school.
The hack took place on Jan. 13 and was discovered the same day by the university's information security staff, said Hilary Crnkovich, Notre Dame's vice president of public affairs. The school has no indication that any data that may have been exposed in the attack is being misused, she said.
"The computer security breach was on a remote server used to store donor information," Crnkovich said. "Donors who could have been affected [were] informed" last week both via e-mail and hard-copy letters, she said.
The affected server, which was not connected to any of the university's central databases, has since been taken off-line and is being scoured for evidence by two forensics experts, Crnkovich said.
The Notre Dame incident is the latest in a string of data compromises at major universities around the country in recent months.
Just last month, the University of Kansas in Lawrence shut down a student-housing Web site after detecting a security defect that allowed the public to view personal and financial information of people who applied for student housing using the university's online application process.
The site contained names, addresses, birth dates, partial and complete credit card numbers, and Social Security numbers for about 9,200 people. Though there was no evidence suggesting that any of the information was misused, the university notified all affected individuals as a precautionary measure, according to a statement on its Web site.
Last July, a server at the University of Connecticut was breached, resulting in the compromise of data, including Social Security numbers on 72,000 students, faculty and staff. And last March, a computer used for fundraising activities at Boston College was hacked -- raising concerns that personal information, including Social Security numbers, of some 120,000 alumni might have been compromised.
That same month, California State University in Chico disclosed that hackers had broken into a housing and food service system containing personal information -- including the names and Social Security numbers of about 59,000 current, former and prospective students and faculty.
Breaches such as these demonstrate once again the importance of securing data, and not just the network perimeter alone, said Brandon Hoff, senior vice president at CipherOptics Inc. in Raleigh, N.C. "Securing the network with perimeter technologies is a good first step, but the ultimate goal is data protection," he said in an e-mailed statement. "It'stime for organizations to look at where data resides on their networks to identify vulnerabilities in their data security."
Read more about Security in Computerworld's Security Topic Center.
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
