ID Server Break-in Investigators Update University Community
Posted: March 22, 2005 at 1:00 am, Last Updated: November 30, -0001 at 12:00 am
The investigation into the ID server break-in is now nearing the end of its second month. Examination of the server has confirmed that no credit card, bank account, or home address information was available on the server.
The investigation has also confirmed that the kind of tools frequently used by hackers were on the server, and that they had not been placed there for a legitimate university purpose. The University Police are continuing to pursue leads concerning who may have been responsible for placing the tools on the server.
The University Police have looked into a number of reports about identity theft from concerned members of the campus community, but none appear to be related to the ID server break-in. Investigators were not able to establish if data on the server was downloaded or copied. For this reason, and because of the increasing reports of threats to data privacy currently in the news, it is recommended that members of the university community continue to monitor their credit bureau reports, credit card bills, and bank activity. The university will remain vigilant and will continue to investigate any reports of data compromise brought to investigators’ attention.
The investigation also included a record-by-record comparison of the data in the ID Card server with the corresponding data in the Banner system. The first pass through of the system has been completed and a set of records has been identified for further analysis.
The university is continuing to work to increase network and computer security on campus. ITU will be issuing directions on a regular basis on how members of the community can make their servers and workstations more secure.
A new update will be issued when new information is received.