Compromise of Personal Information of UI Employees
University of Idaho (UI) is suspecting a security breach into the personal information of 2,700 employees. The compromise might be the result of uploading the data file containing the employees' names, birth dates and Social Security numbers to the college's Website in February 2007. Officials are notifying the affected individuals.
The data breach was the most recent in some regional college. The incident occurred after the pilferage of a bunch of systems from the office of fund-raising of the UI and the pilfering of a removable hard drive from some employee of the university in late 2006. Officials do not have reports of any fraudulent activity or problem arising out of the incidents.
The event is the third in a year for the school involving the compromise of personal information.
UI Provost and Executive Vice-President, Doug Baker said on March 9, 2007, the incident came as a severe blow. The university was highly concerned about the event and its officials were rapidly employing remedial action for the safeguard of people's data and to ensure it did not repeat in future. SPOKESMANREVIEW.COM published Baker's views on March 10, 2007. The school was revamping policies and procedures to handle sensitive information.
The hacked file included personal information of university staff but not any private financial account details. The data file was always used for the university's authorized activity, said Baker. The data in the file was in a special format, which people could read only with certain software, according to Baker. So there was no reason for the UI to believe that anyone accessed the information with impropriety. Moreover, there is no evidence that any part of the information in the file has been accessed illegally, reasoned Baker.
The information remained posted on the site for nineteen days. As soon as the university's computer specialists realized the error on February 27 2007, officials brought the information down and opened an investigation, said the UI. School is dispatching letters to those 2,700 workers whose information felt the impact. It has also established a website to post the latest updates of the case at http://www.vandalidentity.net/default.aspx?pid=97037.
Related article: Compromised CNET Website Spreading Malware
» SPAMfighter News - 19-03-2007