Log in

Posts Tagged ‘Colleges and Universities’

Unauthorized person breaks into Purdue University’s computer system

August 23rd, 2011

Data of former students accessed illegally

First it was the gaming sites, followed by big corporations like NASA, later it was the healthcare industry and now its time for educational institutes to get their data breached !

Hackers hacked big time into Purdue University’s server which contained the personal information, including Social Security numbers and course records, of more than 7,000 former Purdue University students. These students had enrolled into a Math course.

The breach

The breach took place on April 5, 2010. As soon as the Purdue staff learned about it, they took the server offline. The notification came 16 months after the discovery of the breach.

The server contained 6.6 million nine-digit numbers in the hacked files. It took Purdue six months to analyze those numbers. After analysis Purdue determined that approximately 65,000 of those number combinations could be Social Security numbers. The numbers were further reanalyzed and the University matched 7,093 of those number combinations to Social Security numbers of former students.

The computer showed older course records from 2000 through the summer session of 2005.

Not only ex- students but a few professors, family members and contractors were potentially affected. A letter was sent to those affected stating a toll-free phone number for inquiries at 866-520-0492

Breach investigation

Investigation by Purdue University officials showed that 7,093 Social Security numbers were accessed by the hacker.

According to Laszlo Lempert, head of the Department of Mathematics ”Through our investigation, we found no evidence that the unauthorized user attempted to find or read any files with personal information in our system, but felt informing people who may have been affected was a necessary precaution,” . “We regret the breach occurred, and we’ve taken extensive measures to prevent this from happening again.”

As per Purdue University policy, Social Security numbers are no longer used except where required by law. A Purdue identification number is issued to all students, alumni, faculty and staff.

Security tips by Purdue

Place a fraud alert on your credit file, if you haven’t already done so.
Close accounts that you believe have been tampered with.
File a complaint with the Federal Trade Commission. For step-by-step instructions and contact information, go to: http://www.ftc.gov/bcp/edu/microsites/idtheft/

AlertSec’s security services

Organisations and educational institutes which contain a large amount of data have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Alertsec Xpress’s Check Point Full Disk Encryption is used by over 4 million users worldwide.

To protect information on laptops with encryption is of paramount importance if you want to comply to today’s legislation, not to mention the peace of mind for people managing security for a mobile workforce. We have found Alertsec Xpress to be secure, yet easy to use and implement.

No comments »

Posted in Computer security, Data Protection, computer security software, data breach, data encryption

Leakage of personal information leaves students & employees of six Florida universities exposed

August 13th, 2010

Six colleges in Florida had their students and employees’ personal data exposed due to a state library service center software glitch. The information was publically available on the Internet for 5 days.

Students, faculty, and employees at Broward College, Florida State College at Jacksonville, Northwest Florida State College, Pensacola State College, South Florida Community College, and Tallahassee Community College, all are at risk of exposed personal data, according to The College Center for Library Automation (CCLA), which provides automated library services and electronic resources to Florida public colleges.

Private information such as Social Security Numbers, names, driver’s license and card numbers of an estimated 126,000 students and employees was available on the internet after a library services firm serving the colleges inadvertently left the information in its database exposed for five days. The personal information in CCLA’s database did not include financial data or library usage records, and it was exposed between May 29 and June 2.

Six state community college colleges were affected because their borrower records were contained in temporary work files that were being processed at the time the breach occurred. The library agency learned of the incident on June 23, after a student reported finding his Social Security Number on the internet through a Google search.

The CCLA did not provide details of what the software upgrade entailed or why the upgrade left the database exposed, except that the compromised records had been stored in temporary work files that were being processed when the breach occurred.

“We pride ourselves on protecting private information and deeply regret this inadvertent exposure,” said Richard Madaus, CEO of CCLA. “I apologize to those involved for any worry or inconvenience this may cause them. We will continue to enhance our technology to safeguard all of the information entrusted to us.”

He also added “We’ve had some new grad hires who said when they took tests in college, they had to write their SSN on top of the test” to identify themselves, he says. “I think that’s changing, but there still are some old systems out there that need to be updated.”

The affected individuals are being notified by snail mail. Moreover, the agency has started with the investigation after discovering the breach, and the case has also been turned over to the county sheriff’s office. Also, the CCLA has set up a webpage about the breach and recommends that people affected by the breach place free fraud alerts on their credit files and check their credit reports for suspicious activity.

Want to prevent breach?

Have you been affected by data breach? Do you think that your organization is susceptible to a potential security breach? For further information visit our website where you will learn about our encryption software and other security protection methods.

A trusted way to protect information stored on a PC or laptop is by using encryption. Alertsec Xpress offers full disk encryption and is therefore superior to other encryption methods when comparing security, performance, robustness and ease-of-use for both administrators and users. To find out more, see Tech Specs.