Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Information-Security-News
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ISN] Computer security breach in urban affairs, agriculture

from [InfoSec News] Network Security [Permanent Link]
Subject: [ISN] Computer security breach in urban affairs, agriculture
Date: Fri, 27 Jan 2006 04:14:30 -0600 (CST) 
http://www.udel.edu/PR/UDaily/2006/jan/breach012506.html

Jan. 25, 2006

Two recent computer security breaches at the University of Delaware
have resulted in the possible exposure of names and Social Security
Numbers that were stored on the machines.

A computer in the University's School of Urban Affairs and Public
Policy was hacked, and a back-up hard drive in the UD Department of
Entomology and Wildlife Ecology was stolen.

The computer in the School of Urban Affairs and Public Policy was
attacked sometime between Nov. 22-26 by an unknown hacker, and it
contained a portion of a database that included Social Security
numbers for 159 graduate students. "Since the incident, those affected
have been notified, the file has been removed from the computer, and
we have taken steps to properly secure the system," Jeff Raffel,
director of the school, said.

A back-up hard drive was stolen from the Department of Entomology and
Wildlife Ecology some time between Dec. 16-18, and a police report was
filed Dec. 19. A valuable microscope worth nearly $6,000 and belonging
to Judith Hough-Goldstein, professor of entomology, also was stolen,
and it is believed the theft of the hard drive was an afterthought.  
The hard drive contained personal information on a few individuals,
and Jack B. Gingrich, a postdoctoral fellow in the department whose
hard drive was stolen, has informed all those involved.

The University's policy is to notify all individuals if their personal
information may have been compromised following such incidents, and in
both cases, letters have been sent to everyone whose personal
information may have been compromised. The letters informed them of
the breach and shared information on how to combat identity theft. It
is unknown whether any personal information was actually acquired in
either case.

Individuals with concerns about identity theft may visit a special web
site prepared by Information Technologies at
[www.udel.edu/security/identitytheft.html].

UD's Office of Information Technologies has conducted a campuswide 
campaign to help departments protect sensitive personal nonpublic 
information (PNPI), such as Social Security and credit card numbers. 
Every University department was visited and advised about proper 
security for stored PNPI. 

Information Technologies staff also stressed collecting such 
information only when required and reiterated the responsibility of 
each employee to follow UD policy, Delaware laws and federal laws and 
regulations for the processing and safekeeping of confidential, 
personal information.

"In every department, those individuals who are responsible for 
maintaining records must understand that they are responsible for 
assuring compliance with the Family Educational Rights and Privacy Act 
(FERPA) and other laws that govern the use of PNPI," Susan Foster, 
vice president for information technologies, said. 

"This includes not only the proper use of PNPI but the responsibility 
to secure systems in which it resides," she said.

Although the University has moved away from using Social Security 
Numbers as identifiers, some older databases that University 
departments and units set up in the past may still have such 
information.

Information Technologies has posted guidelines aimed at helping 
departments secure PNPI and make sure they are in compliance with the 
University policy and the law. Those can be found at 
[www.udel.edu/ssn/guid.html].

The guidelines direct departments to ensure the privacy of PNPI by 
encrypting electronic transmissions, not storing PNPI locally and 
protecting PNPI when working from home or outside the University.
Members of the University community with questions about uses of PNPI 
should call the Information Technologies Help Center at (302) 831-6000 
or send email to [consult@udel.edu].

Additional information is available at these sites:

* Protecting Personal Non-Public Information [www.udel.edu/ssn/]; 

* UD Computer Security [www.udel.edu/security/]; and 

* Responsible Computing: A Manual for Staff 
  [www.udel.edu/ecce/staff.htm].




_________________________________
InfoSec News v2.0 - Coming Soon! 
http://www.infosecnews.org
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [ISN] Computer security breach in urban affairs, agriculture, InfoSec News <=
Previous by Date:  [ISN] Ameriprise Says Stolen Laptop Had Data on 230,000 People, InfoSec News
Next by Date:  [ISN] Thief nabs backup data on 365,000 patients, InfoSec News
Previous by Thread:  [ISN] Ameriprise Says Stolen Laptop Had Data on 230,000 People, InfoSec News
Next by Thread:  [ISN] Thief nabs backup data on 365,000 patients, InfoSec News
Indexes:  [Date] [Thread] [Top] [All Lists]