Thread: NE-Hacker strikes UNK computers

Published Thursday July 3, 2008
Hacker strikes UNK computers
BY KHRISTOPHER J. BROOKS
WORLD-HERALD STAFF WRITER



Nine computers at the University of Nebraska at Kearney were hacked into through a computer based in the Republic of Slovenia, a university official said Wednesday.

Five of the computers contained Social Security numbers of some students, faculty members and staff employees.

Because that information was exposed, UNK mailed more than 2,000 letters notifying people of the incident and urging them to take steps to protect their identities, said Deborah Schroeder, assistant vice chancellor of information technology.

The breach occurred June 8 with computers at the College of Natural and Social Sciences. The university discovered it the following day.

Information technology staff conducted an investigation and learned that the UNK computers were accessed through a computer in Slovenia, though it is unknown if the hacker was actually in that country.

Schroeder and her staff then blocked all remote access to UNK desktop computers, including for faculty and staff members.

"As soon as we learned that there was a possible security incident, we secured our network so that it couldn't happen again," she said.

The affected computers were two each from the biology, history and psychology departments and one each from the mathematics, computer science and sociology departments.

Schroeder said no academic records were accessed. She said the university had never had its computer system broken into before.

Schroeder said UNK is only now notifying people about the incident because it took three weeks to determine which computers were broken into.

Her staff then had to find addresses for 2,035 people affected by the breach. Letters to them were mailed Tuesday.

Schroeder said the letters recommend that people monitor their credit reports "to make sure that there are no unusual changes in their credit history."

She said the investigation determined that the hacker didn't click on and open each file that contained names and Social Security numbers.

Still, she said, there's a chance that the intruder used a special tool to copy those files off UNK computers.

• Contact the writer: 444-1229, khristopher.brooks@owh.com

http://www.omaha.com/index.php?u_page=2 ... d=10372641

Security Incident : Home

Announcement from the University of Nebraska at Kearney

On June 8, 2008, University of Nebraska at Kearney officials learned of a security breach involving certain desktop computers in the College of Natural and Social Sciences. The University’s investigation revealed unauthorized external access to nine faculty and staff Windows desktop workstations. The investigation also revealed that five of the computers contained files with names and social security numbers. It is possible the intrusion was intended to either disrupt normal business or use the computers’ processing power to launch similar attacks on other computers, possibly only to proliferate spam. The intruder may not have been aware that files with personal information were stored on the computers. The computers involved in the incident were immediately secured and the University took additional steps to prevent unauthorized external access to any campus computers.

A letter has been mailed to every person whose name and Social Security Number were found in files on the compromised computers. We will not contact anyone over the phone or via email regarding this incident. We strongly recommend that people do not release Social Security Numbers in response to telephone or email contacts that they have not initiated.

For more information, see the Security Incident Frequently Asked Questions page.


http://www.unk.edu/securityincident/