Friday, March 7, 2003
|
|
|
Hackers Seize More Than 50,000 Social Security Numbers From U. of Texas DatabaseBy BROCK READ
Computer hackers broke into a database at the University of Texas at Austin on multiple occasions in the past two weeks, seizing the names and Social Security numbers of 55,200 individuals, according to university officials. The identity theft is one of the largest ever known to have afflicted a campus network. The database contained information on current and former students and faculty and staff members, as well as job applicants. The hackers who carried out the thefts -- which the university disclosed on Wednesday -- are still unknown, but university officials say there is no evidence that any of the downloaded information has been used illegally, to acquire credit cards or to withdraw funds from financial accounts. The information was captured in attacks carried out from two different computers. On Friday, and on two occasions in late February, someone using a computer in Austin broke into the database. On Saturday and Sunday, more data were stolen by someone using a computer in Houston. Investigators with the U.S. attorney's office have taken over the search for the computers. University officials have speculated that the attacks were launched by students, either working alone or with others. The attacking computers ran a computer program that cross-checked about three million possible Social Security numbers against those listed in a database the university used to track training classes for its employees. The program entered Social Security numbers from its list into the Texas database one at a time, returning information whenever it hit upon a valid number. In addition to names and Social Security numbers, the stolen information included e-mail addresses, office phone numbers, and addresses. No academic or health records were exposed. College-computing administrators discovered that the database had been breached during a routine system check on Sunday. The database was taken offline immediately. But Texas officials did not publicly announce the attacks until Wednesday, when the university released a report about the incidents on its Web site. "UT's highest priority has been to identify the source of the attack and to cooperate with law enforcement authorities to capture the perpetrator(s), and any associated computers and data," Daniel A. Updegrove, the university's vice president for information technology, wrote in the report. Mr. Updegrove did not return calls for comment. But in an earlier interview he told the Austin American-Statesman that the attacks were made possible by lax computer security. "We flat out messed up on this one," he said. "Shame on us for leaving the door open, and shame on them for exploiting it."
Background articles from The Chronicle:
|
|
|
|
 House members propose stripping pork-barrel projects from 2003 federal budget Surprising UMass again, governor halts construction-bond package Judge dismisses U. of Rochester's patent-infringement claim against makers of arthritis drug Federal appeals court sides largely with U. of New Mexico in patent dispute Oil magnate gives Oklahoma State U. $55-million, mostly for sports Hackers seize more than 50,000 Social Security numbers from U. of Texas database |
Copyright © 2003 by The Chronicle of Higher Education