Robert McMillan, IDG News Service
Two weeks after discovering that its Web site had been used by hackers to flog fancy wedding rings, Southern Connecticut State University is notifying 11,000 current and former students that their Social Security numbers may have been compromised.
The personal data was in a file on the university's Web server, which was accessed by criminals who were using the university's site as part of a spam operation, said Patrick Dilger, the university's director of public affairs. "The hackers were using our Web server as a host for their own Web site," he said.
Pages on the university's site contained ads for diamond rings, Viagra and Cialis. After noticing the ads on April 9th, IT staff discovered the file containing the sensitive information. "When we were doing the security review after the hacker incident, we saw this file there and it wasn't properly secured, so it could have been targeted by someone," Dilger said.
The university believes that the hackers came from outside the U.S., and it is working with Connecticut's attorney general's office to investigate, Dilger said.
The file on the Web server contained names, addresses and Social Security numbers of students who had registered to graduate from the school, dating back to 2002.
Students affected by the breach are being offered identity protection services for two years.
The university's attack does not appear to be connected with these widespread attacks, however. In those hacks, attackers had been using the Web sites to attack other computers and infect them with malware. With Southern Connecticut, the motive appears to have been tied to spam.
0 comments:
Post a Comment