UT Austin hack yields personal info on thousands

[InfoSec News <isn () c4i org>]

Forwarded from: Alot of ISN subscribers :)

http://www.nwfusion.com/news/2003/0306utaustin.html

[ https://www.utexas.edu/datatheft/  - WK]

By Paul Roberts
IDG News Service
03/06/03

An Internet-based attack on computer systems at the University of 
Texas at Austin yielded personal information on more than 55,000 
individuals, including current and former students, current and former 
faculty, staff and job applicants, according to a statement posted on 
the university's Web site. 

The attack was first detected Sunday when computer systems personnel 
at the university noticed that a computer was malfunctioning.

Analysis of the problem revealed that it was the result of an attack 
and that an administrative data reporting system used by the 
university had been compromised in that attack, according to the 
university. 

The attacker or attackers apparently used a "blunt force" approach to 
cracking the system, writing a program that input millions of Social 
Security numbers to the system. Social Security numbers that matched 
records in the UT database were captured. 

In addition to the victims' Social Security numbers, the attackers 
gained access to e-mail addresses, titles, phone numbers and 
university department addresses. Academic and health records were not 
exposed, the university said. 

Approximately 55,200 individuals had some of their data exposed in the 
attack, the university said.

The university is working with the U.S. Attorney's Office as well as 
the U.S. Secret Service to locate those responsible for the break-in 
and is working to contact all of those affected by the attack, it 
said. 



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.