Hackers hit Iowa college database with 125, 000 students

[Erica Absetz <erica () riskbasedsecurity com>]

http://www.southwestiowanews.com/council_bluffs/news/other/hackers-hit-iowa-college-database-with-students/article_3dfaa834-a08e-11e2-a5c4-0019bb2963f4.html

IOWA CITY (AP) – Hackers gained access to an online database
containing personal information of 125,000 people who applied to take
credit classes at an Iowa community college during the last eight
years, the school said Monday.

Kirkwood Community College in Cedar Rapids announced that
"sophisticated hackers" using an international IP address hacked into
the student application database on its website on March 13. College
officials noticed a spike in activity on the site, and quickly shut it
down and contacted the FBI to report the suspected breach, vice
president of student services Kristie Fisher said.

The college said the database contained names, social security
numbers, dates of birth, race and contact information for those who
applied for courses from February 2005 through March 2013. No
financial information or grades were stored in the system, and the
breach did not affect tens of thousands of students who take
continuing education classes.

Fisher said the college sent letters Friday to those who may have been
affected by the breach, and announced the breach publicly Monday so
that applicants who may have moved could hear about it and seek help.
So far, no cases of identity theft or suspicious activity have been
reported. The FBI is investigating, Fisher said.

The college is offering assistance from identity theft experts for
students who have questions or who may later need help restoring their
identities if they are stolen. Kirkwood has also offered to pay for
one year's worth of credit monitoring alerts so students can respond
quickly to any unauthorized activity in their accounts.

Kirkwood has hired Kroll Security at an initial cost of $350,000 to
respond to the incident, including notifying and offering services to
those affected, helping the college investigate the breach and
improving security on its website, Fisher said. The cost could rise
depending on how many students need assistance.

Kirkwood restored its application database online last week after
spending three weeks adding and testing new security features, Fisher
said.

The FBI has told college officials the hacking came from an
international IP address, but Kirkwood does not know from which
country, Fisher said. She said the database had security measures
"that were not easy to get past," which signals the hackers were
sophisticated.

"We can't even say with certainty that they downloaded anything, but
we know they successfully accessed the database," Fisher said.

She said the college believes that its database was adequately
protected, but that hacking has become too common.

"Unfortunately, we think we just found ourselves in the middle of
something that's happening all over the world," she said. "In today's
world, you can't protect anything 100 percent when it's online."

Kirkwood has locations in seven eastern Iowa counties, and says 25,000
students took credit classes last year.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges.