Hacker Compromises UM System Data

A hacker infiltrated into a computer system of University of Missouri in January 2007. The hack could have resulted in leakage of the Social Security numbers of about 1,220 people comprising mostly of faculty researchers. A computer monitoring system used for scanning online crimes first indicated the problem to the university on January 16, 2007. A further examination revealed that the first breach occurred two days earlier. However, Scott Charton, spokesman of the university said on February 3, 2007 that there were no reports of identity theft resulting from the possible compromise of the data.

The hacking might have also compromised the passwords of more than 2,500 people. The university has delivered e-mails and registered letters notifying the breach to all those affected.

The security violation occurred on the university's Research Board Grant Application System between 14 and 16 January 2007. The system stores information regarding grant application and review process. So far technicians have not been able to identify the hacker, but an investigation is ongoing.

The leakage of personal details could potentially affect 820 professors, 76 faculty staff, and 324 people who are primarily reviewers of grant applications.

Charton said there might have been compromise of another 2,579 passwords.

The affected system is now disconnected from the Internet. The system functions as an electronic clearing center for grant applications and payments made thereof. The application and payroll process often includes Social Security numbers. Moreover some users of the system might have replaced their own PC passwords with the numeric password provided by the system.

Charton reported that the university was unaware about what the hacker sought. It knew that someone has breached but not how far he went into the system data. The university has initiated some computer forensics to locate the hacker.

UM's Web site posted a statement that the breach took place through the system's Web-based application that was designed many years back and therefore lacks protection from modern Internet threats. Charton said the server has been taken offline. The university will install a new system in a few days that will absorb fresh research grant applications till mid-March.

Related article: Hacker & Virus in MySpace

» SPAMfighter News - 2/9/2007