Hacker compromises data at George Mason University
Private information on 32,000 students and staff was compromised
Computerworld - The names, photos and Social Security numbers of more than 32,000 students and staff at George Mason University in Fairfax, Va., have been compromised as the result of a hacker attack against the university's main ID server.
The attack was discovered during a routine review of system files and prompted the school to disconnect the compromised server from the network, according to an e-mail sent to members of the university community yesterday by Joy Hughes, the school's vice president for information technology.
"It appears that the hackers were looking for access to other campus systems rather than specific data," Hughes wrote in her e-mail. "However, it is possible that the data on the server could be used for identity theft."
Law enforcement authorities and school officials are now investigating the incident, which was discovered last week but may have occurred as far back as November.
The affected server contained information on "all members of the Mason community who have identification cards," Hughes said in her message. The intruders also installed tools on the ID server that allowed other campus servers to be probed. Hughes, however, offered no details about the other GMU systems that may have been probed.
"There is no evidence that any of the data available on the Mason ID server has yet been used illegally," she wrote, while urging students and staff to contact the three major credit bureaus and place fraud alerts on their credit files.
The university is the largest state college in Virginia, with more than 28,000 enrolled students and over 4,000 employees, according to the GMU Web site.
Daniel Walsch, director of GMU's media center, said the break-in was discovered on Jan. 2. Preliminary indications are that hackers may have broken into the system as far back as late November, Walsch said.
"We felt that everything was secure and that we had safeguarded against something like this," he said, noting that the university is looking to see what other systems were also broken into. "There were some hints that [the hackers] were trying to open some other doors. We are not sure if anything else was compromised."
The incident is a black eye for an institution that is one of a few select universities to be designated as Centers of Academic Excellence in Information Assurance Education by the National Security Agency. Students at the university's Information Assurance Scholarship Program are placed in Defense Department jobs upon completion of the program, according to the school's Web site.
"What concerns me is that they promote themselves as being big in the infosec world," with someof the best resources and staff in the academic world, said one part-time student who asked not to be identified.
"In the 'Do as I say, not as I do' department, GMU has a Center for Secure Information Systems, [which is] both a research and teaching outfit," said another university source who also asked not to be named. "CSIS has numerous cooperative agreements with local defense and government contractors," which makes the break-in more significant, he said.
Read more about Cybercrime and Hacking in Computerworld's Cybercrime and Hacking Topic Center.
- Silicon Valley's 19 Coolest Places to Work
- Is Windows 8 Development Worth the Trouble?
- 8 Books Every IT Leader Should Read This Year
- 10 Hot Hadoop Startups to Watch
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Logicalis eBook: SAP HANA: The Need for Speed Without timely business insights, organizations today can suffer logistical, manufacturing, and even financial disaster in a matter of minutes
- Neustar 2014 DDoS Attacks and Impact Report For the third consecutive year, Neustar surveyed hundreds of companies on distributed denial of service (DDoS) attacks. The survey reveals evidence that the...
- Acxiom Case Study This case study, which focuses on Acxiom, explores how the company was able to secure employee data, reduce migration costs and boost productivity...
- Windows® XP Migration: Protect and Secure Critical Data With the end of the Microsoft Windows XP operating system's lifecycle on April 8, 2014, businesses are faced with the decision to migrate...
- Top 4 Digital Signage Fails Join RMG Networks for a look at four of the most common reasons digital signage fails in corporate businesses. Learn about strategies to...
- Building Tomorrow's Infrastructure Listen to this podcast to discover how Crider Foods worked with PC Connection to update their IT infrastructure, while maintaining compliance and control. All Cybercrime and Hacking White Papers | Webcasts