Skip the navigation

University admits to third data breach in three months

March 2, 2009 12:00 PM ET

Computerworld - The University of Florida in Gainesville late last month disclosed that a breach discovered in January exposed personal data on 97,200 students, faculty and staffers who attended or worked at the school between 1996 and 2009.

The latest breach involved a 20-year-old server that hosted free e-mail services and online course offerings for faculty members, as well as Web sites for fraternities and sororities.

The intrusion was discovered during a routine systems review by the university's IT staff, said a spokeswoman. She said the hackers accessed names and Social Security numbers.

The school is notifying most of those affected by the breach, the spokeswoman said, adding that it does not have contact information for about 5,000 potential victims. It is also creating an IT task force charged with finding possible security issues "before they become problems," she said.

Meanwhile, the school said in November that the names, birth dates, Social Security numbers and addresses of more than 330,000 current and former College of Dentistry patients had been exposed in a computer intrusion discovered on Oct. 3.

And an undated statement now on its Web site says a configuration error in the school's LDAP directory server opened a path for hackers to access the personal data of about 100 people.

This version of the story originally appeared in Computerworld's print edition.

Read more about Security in Computerworld's Security Topic Center.



Our Commenting Policies