University Of Virginia Suffered A Security Setback

The university of Virginia has detected a security violation in one of its computer applications, which led to exposure of critical information belonging to the present and previous faculty members of the university.

The information that was leaked included Social Security numbers, names and dates of birth. However, no bank account, salary information or credit card information, was leaked in this assault.

The flaw was patched immediately after the discovery of the breach and a detailed inspection was done in this regard. The university police, in discussion with the FBI and the university's computing and audit experts, are carrying out this criminal examination. The investigation has exposed that on 54 individual days in-between May 20, 2005 and April 19, 2007, hackers hit into the record of 5,735 faculty members. None of the suspects has been identified.

Due to the University's old dependence on Social Security Number (SSN) as the ID number for each student and employee, the probable risk for revelation of critical information come from stolen, lost, or hacked desktop and laptops that hold ID numbers.

James Hilton, university's vice president and chief information officer in a statement published by Virginia.edu on June 8, 2007, expressed a deep regret towards the inconvenience caused due to the incident. Hilton further said, the theft had added a greater importance to the university's efforts to remove the critical information form the database such as Social Security numbers as well as other private information, which could be easily accessed from the web and later abused. He also said that the university is continuously improving its methods and practices so as to increase the security of critical information and guiding its workforce in data protection.

The University is very sensitive towards the threats posed by critical information and is working to reduce these threats. It is preparing to use a six-digit number, in place of the earlier system's use of SSN, to categorize employees.

Inspectors believe, hackers access the information in a special purpose Web application.

Hilton added, this information might not be obtained through everyday Web browsing. In fact, it needs a deliberate and sophisticated attack on the database.

Related article: University Reports Increase in Spam

» SPAMfighter News - 6/22/2007