Hacker compromises data at George Mason University
Private information on 32,000 students and staff was compromised
Computerworld - The names, photos and Social Security numbers of more than 32,000 students and staff at George Mason University in Fairfax, Va., have been compromised as the result of a hacker attack against the university's main ID server.
The attack was discovered during a routine review of system files and prompted the school to disconnect the compromised server from the network, according to an e-mail sent to members of the university community yesterday by Joy Hughes, the school's vice president for information technology.
"It appears that the hackers were looking for access to other campus systems rather than specific data," Hughes wrote in her e-mail. "However, it is possible that the data on the server could be used for identity theft."
Law enforcement authorities and school officials are now investigating the incident, which was discovered last week but may have occurred as far back as November.
The affected server contained information on "all members of the Mason community who have identification cards," Hughes said in her message. The intruders also installed tools on the ID server that allowed other campus servers to be probed. Hughes, however, offered no details about the other GMU systems that may have been probed.
"There is no evidence that any of the data available on the Mason ID server has yet been used illegally," she wrote, while urging students and staff to contact the three major credit bureaus and place fraud alerts on their credit files.
The university is the largest state college in Virginia, with more than 28,000 enrolled students and over 4,000 employees, according to the GMU Web site.
Daniel Walsch, director of GMU's media center, said the break-in was discovered on Jan. 2. Preliminary indications are that hackers may have broken into the system as far back as late November, Walsch said.
"We felt that everything was secure and that we had safeguarded against something like this," he said, noting that the university is looking to see what other systems were also broken into. "There were some hints that [the hackers] were trying to open some other doors. We are not sure if anything else was compromised."
The incident is a black eye for an institution that is one of a few select universities to be designated as Centers of Academic Excellence in Information Assurance Education by the National Security Agency. Students at the university's Information Assurance Scholarship Program are placed in Defense Department jobs upon completion of the program, according to the school's Web site.
"What concerns me is that they promote themselves as being big in the infosec world," with someof the best resources and staff in the academic world, said one part-time student who asked not to be identified.
"In the 'Do as I say, not as I do' department, GMU has a Center for Secure Information Systems, [which is] both a research and teaching outfit," said another university source who also asked not to be named. "CSIS has numerous cooperative agreements with local defense and government contractors," which makes the break-in more significant, he said.
Read more about Cybercrime and Hacking in Computerworld's Cybercrime and Hacking Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Who's Spying on You? You're aware of the threats of malware to your business but what about the ever-changing ground rules? Cybercriminals today are launching attacks against...
- HP HAVEn: See the big picture in Big Data HP HAVEn is the industry's first comprehensive, scalable, open, and secure platform for Big Data. Enterprises are drowning in a sea of data...
- What Datapipe customers need to know about the new PCI DSS 3.0 compliance standard This handy quick reference outlines what PCI DSS 3.0 is, who needs to be compliant and how Alert Logic solutions address the new...
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well...
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,... All Cybercrime and Hacking White Papers | Webcasts