Nov 17, 2008 : University Breach Affects 333K Patients
📅 - -- A data breach at The University of Florida's dental school (http://www.dental.ufl.edu) last month has left the private information of 333,000 people in jeopardy, according to reports on ITBusiness.ca.
The intrusion marks the latest incident involving a compromised college network, which are often criticized for having significant security vulnerabilities. In August, hackers gained access to the New Zealand's University of Otago staff member accounts and used it to send out some 1.55 million spam emails in two-and-a-half days.
The University of Florida revealed in a statement last week that the compromised information included the names, dates of birth, Social Security numbers, addresses, and in some cases, the dental procedures of current and former College of Dentistry patients dating back as far as 1990.
The unencrypted data was taken from a database on the compromised server, said the school, adding that it has notified the 330,000 people.
School officials said it hopes that another 8,000 affected patients whose current mailing addresses they could not uncover will learn about the data breach through media coverage.
The school's IT staff first learned of the breach on October 3 during the server's upgrade procedure, discovering that the attackers had installed malware on the server from a remote location.
The IT staff "immediately disconnected" the server from the Internet after discovering the breach, and has since then deployed stronger security measures. However, the university did not disclose any information about these new measures.
Prior to the breach, the system already had extensive security measures in place, including the encryption of data while in transit, as well as the reinforcement of firewalls and intrusion-detection systems, said the school.
In the statement, the school also explained that it waited for more than a month to alert the potentially compromised patients because the school's IT employees and external consultants needed to figure out the size of the breach and how many individuals had been affected.
Once this information was determined, law enforcement officials requested the school to withold the disclosure until it concluded its investigation. The university also needed to to set up a call center and website to accomodate the barrage of questions that it anticipated from affected individuals.
The time taken to notify the affected patients was well within the 45 days of discovering a potential compromise that is required by Florida breach disclosure rules,said the school's spokesperson.
Just as other comparable disclosures in the past, the school did not say what kind of server was compromised or offer details on how the attacker managed to break into it. The school also did manage when the breach started or how long it took to be discovered.
The university is also taking additional precautionary measures by looking at nearly 60,000 other computers on its campus for similar security vulnerabilities.
The intrusion marks the latest incident involving a compromised college network, which are often criticized for having significant security vulnerabilities. In August, hackers gained access to the New Zealand's University of Otago staff member accounts and used it to send out some 1.55 million spam emails in two-and-a-half days.
The University of Florida revealed in a statement last week that the compromised information included the names, dates of birth, Social Security numbers, addresses, and in some cases, the dental procedures of current and former College of Dentistry patients dating back as far as 1990.
The unencrypted data was taken from a database on the compromised server, said the school, adding that it has notified the 330,000 people.
School officials said it hopes that another 8,000 affected patients whose current mailing addresses they could not uncover will learn about the data breach through media coverage.
The school's IT staff first learned of the breach on October 3 during the server's upgrade procedure, discovering that the attackers had installed malware on the server from a remote location.
The IT staff "immediately disconnected" the server from the Internet after discovering the breach, and has since then deployed stronger security measures. However, the university did not disclose any information about these new measures.
Prior to the breach, the system already had extensive security measures in place, including the encryption of data while in transit, as well as the reinforcement of firewalls and intrusion-detection systems, said the school.
In the statement, the school also explained that it waited for more than a month to alert the potentially compromised patients because the school's IT employees and external consultants needed to figure out the size of the breach and how many individuals had been affected.
Once this information was determined, law enforcement officials requested the school to withold the disclosure until it concluded its investigation. The university also needed to to set up a call center and website to accomodate the barrage of questions that it anticipated from affected individuals.
The time taken to notify the affected patients was well within the 45 days of discovering a potential compromise that is required by Florida breach disclosure rules,said the school's spokesperson.
Just as other comparable disclosures in the past, the school did not say what kind of server was compromised or offer details on how the attacker managed to break into it. The school also did manage when the breach started or how long it took to be discovered.
The university is also taking additional precautionary measures by looking at nearly 60,000 other computers on its campus for similar security vulnerabilities.
Reads: 1340 | Category: General | Source: TheWHIR : Web Host Industry Reviews
Want to add a website news or press release ? Just do it, it's free! Use add web hosting news!
📅 - 
📅 - 
📅 - 
📅 - 
📅 -