Security Breach Affects Students of MSU Extended University Courses
Security experts at MSU or Montana State University have discovered that an anonymous hacker compromised an Internet-connected computer on the campus that stored a database of Social Security numbers and credit card numbers of newly enrolled students for MSU Extended University courses for 2005-2007.
MSU has been notifying all the 1,400 enrolled students to alert them about the security breach. However, the university has no evidence of the hacker stealing any of the personal information. The hacked data were encrypted, said MSU officials.
The letter, addressed to individual students who enrolled online to continue with the October 2005 education courses, informed how they could obtain a costless credit report, issue a credit document with fraud alert, and keep track of accounts for any suspicious activity.
MSU spokeswoman Cathy Conover said, although the university is sure that there has been no theft of information, still they were considering the incident to be serious and so wanted to alert the students for a possibility of an impact. Greatfallstribune published this in news on October 12, 2007.
The hacking incident, however, remains unaffected for students who registered through the registrar's office or those who enrolled by mail or in person.
There is a possibility of exposure of records of students who had taken admission for programs and courses under the Montana State University's Extended Courses dating as early as October 2005. Security experts, as soon as they come to know about the breach, took the server offline.
Since there is no evidence of data being stolen, authorities refused to regard the incident as a criminal issue. But MSU informed its own Police about the event.
The past few months have seen many cases of data breach at several prominent organizations including businesses and large universities. In most of the situations, hackers tried to gain temporary hold of servers from where they could send spam mails or which could act as storage houses for downloadable programs.
In a similar incident, a probable identity theft put about 90 ex-students of Temple at risk in September 2007. Among other details, the information exposed included Social Security numbers, grades, usernames and passwords.
Related article: Securities Push Up A Must For Web Companies
» SPAMfighter News - 29-10-2007