Indiana U. Suffers Second Hacker Attack in Four Months
By FLORENCE OLSEN
A computer hacker may have stolen personal information, including Social Security numbers, from two Internet servers belonging to the School of Music at Indiana University at Bloomington. The June 4 computer attack came only four months after a widely publicized Internet security breach in the university bursar's office in which computer files containing student data were stolen.
The latest hacker could have gained access to names, addresses, and other contact information for 1,900 people who had requested information about the music school. But university officials say they cannot be certain about the extent of the breach because the hacker erased the system logs that show which files were vulnerable.
On June 11, the university notified all 1,900 people who had filled out the online forms. About 1,700 of them had also entered their Social Security numbers in an optional portion of the request form.
A flaw in the Linux operating system that allowed the hacker to gain access to the Internet servers has since been patched, university officials said. The university has also removed the optional part of the application form that asked for the requester's Social Security number.
In addition, Indiana will phase out its use of Social Security numbers as student identifiers by 2003, a decision made before the recent security breaches, said Susan Dillman, a spokeswoman for the university. Many security experts advise universities against using Social Security numbers as student IDs because university computer networks are frequent targets of hackers.
Stolen computer files containing the names and Social Security numbers of 3,100 Indiana students were sent over the Internet on February 6, after a technician in the bursar's office accidentally misconfigured a computer server. The mistake let an intruder gain access to the university server from a computer at Uppsala University in Sweden.
Background article from The Chronicle: