By Ken Harris
The Badger Herald
January 30, 2008
University of Wisconsin responded to media reports Tuesday that twice as
many people may have been affected by a UW security breach than
previously suspected, stating there was no evidence of a further breach.
Brian Rust, director of communications for DoIT, said there was nothing
to indicate anyone else has had his or her information exposed on the
UW originally reported 205 people had their Social Security numbers
posted on an Internet database after making purchases from the
university computer store. The database was available to the general
public for about a year. The Associated Press reported as many as 529
people may have had their information exposed.
Rust said he told the AP there may have been more; there may not have
been more when asked if anyone else had been exposed.
We dont have any proof from any network logs their information was out
on the Web, Rust said.
Rust said UW was not going to inform the other 304 people because they
were not required to by law. The conditions that warrant being contacted
were not met, he added.
According to Rust, UW was required to inform the original 205 people of
the possible exposure because there was proof of outsiders visiting the
site on which information had been posted.
The information was compiled originally to track purchases made at the
store by UW faculty and staff. Members were required to swipe their UW
ID card to verify their identity.
Some people were still using old IDs that had their Social Security
numbers attached to them, and some numbers were placed in the database
and open to be viewed by anyone.
Rust said up until this point, UW has suggested people exchange their
old IDs for the new ones that are not attached to their Social Security
numbers. However, the university will now be informing the old staff
they must change IDs because the old cards will be voided starting March
Copyright 1995-2008 Badger Herald, Inc. Some rights reserved.
Subscribe to InfoSec News