Thursday, May 10, 2007

Data breach at University of Missouri Computer Database

A hacker managed to access and download information from a computer database (owned by the University) that contained information on names and social security numbers of around 22,000 current and former employees and students. In a sign that officials realized that keeping this information was not safe, there was a project to removed social security numbers from unnecessary computer systems, but the project was not complete. Refer this report at DailyTech:


More than 22,000 current and former University of Missouri employees and students are at risk of identity theft after a hacker reportedly accessed a computer database containing names and Social Security numbers.
Campus IT people discovered the intrusion on Friday morning -- the hacker exploited a hole in a campus web site that is used "to make queries about the status of trouble reports to the university's computer help desk."
The school suffered a similar intrusion in January. In that incident, a hacker was able to secure more than 1,000 Social Security numbers and the passwords of around 2,500 users of an online grant application program.

The shocking thing is that this has happened before in January, and yet this happened again. Now, it is true that computer systems security is an evolving field with constant battles between security folks and hackers, but the fact remains that one would have expected a greater show of urgency towards making systems safe.
Now, the university is faced with the prospect of sending out letters to everybody who could be affected, including former employees and students. And stealing of social security numbers is very different from stealing of credit card information because a database of stolen social security numbers can cause immense identity theft cases.

No comments: