BreachExchange mailing list archives
Hackers hit Iowa college database with 125, 000 students
From: Erica Absetz <erica () riskbasedsecurity com>
Date: Tue, 9 Apr 2013 10:32:29 -0400
http://www.southwestiowanews.com/council_bluffs/news/other/hackers-hit-iowa-college-database-with-students/article_3dfaa834-a08e-11e2-a5c4-0019bb2963f4.html IOWA CITY (AP) – Hackers gained access to an online database containing personal information of 125,000 people who applied to take credit classes at an Iowa community college during the last eight years, the school said Monday. Kirkwood Community College in Cedar Rapids announced that "sophisticated hackers" using an international IP address hacked into the student application database on its website on March 13. College officials noticed a spike in activity on the site, and quickly shut it down and contacted the FBI to report the suspected breach, vice president of student services Kristie Fisher said. The college said the database contained names, social security numbers, dates of birth, race and contact information for those who applied for courses from February 2005 through March 2013. No financial information or grades were stored in the system, and the breach did not affect tens of thousands of students who take continuing education classes. Fisher said the college sent letters Friday to those who may have been affected by the breach, and announced the breach publicly Monday so that applicants who may have moved could hear about it and seek help. So far, no cases of identity theft or suspicious activity have been reported. The FBI is investigating, Fisher said. The college is offering assistance from identity theft experts for students who have questions or who may later need help restoring their identities if they are stolen. Kirkwood has also offered to pay for one year's worth of credit monitoring alerts so students can respond quickly to any unauthorized activity in their accounts. Kirkwood has hired Kroll Security at an initial cost of $350,000 to respond to the incident, including notifying and offering services to those affected, helping the college investigate the breach and improving security on its website, Fisher said. The cost could rise depending on how many students need assistance. Kirkwood restored its application database online last week after spending three weeks adding and testing new security features, Fisher said. The FBI has told college officials the hacking came from an international IP address, but Kirkwood does not know from which country, Fisher said. She said the database had security measures "that were not easy to get past," which signals the hackers were sophisticated. "We can't even say with certainty that they downloaded anything, but we know they successfully accessed the database," Fisher said. She said the college believes that its database was adequately protected, but that hacking has become too common. "Unfortunately, we think we just found ourselves in the middle of something that's happening all over the world," she said. "In today's world, you can't protect anything 100 percent when it's online." Kirkwood has locations in seven eastern Iowa counties, and says 25,000 students took credit classes last year. _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://datalossdb.org/mailing_list Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) Risk Based Security equips organizations with security intelligence, risk management services and on-demand security solutions to establish customized risk-based programs to address information security and compliance challenges.
Current thread:
- Hackers hit Iowa college database with 125, 000 students Erica Absetz (Apr 09)