AOH :: ISNQ7226.HTM

University Of Wisconsin-Madison Leaves 60, 000 SSNs Unprotected For Two Years

University Of Wisconsin-Madison Leaves 60, 000 SSNs Unprotected For Two Years
University Of Wisconsin-Madison Leaves 60, 000 SSNs Unprotected For Two Years 


http://www.darkreading.com/database-security/167901020/security/attacks-breaches/228800912/university-of-wisconsin-madison-leaves-60-000-ssns-unprotected-for-two-years.html 

By Kelly Jackson Higgins
Darkreading 
Dec 20, 2010

A recent database breach that potentially exposed the Social Security 
Numbers of 60,000 former students and staff at the University of 
Wisconsin is bringing attention to the way higher education institutions 
store and protect SSNs -- even after they've been discontinued as a 
student identification number.

The breach came to light earlier in the month when affected victims were 
informed by a letter from the university that their data might have been 
breached after sitting in an unsecure database for more than two years. 
Like many universities around the nation, University of Wisconsin had 
discontinued the use of SSNs in student identification numbers in 2008 
to better protect student identities. Unfortunately, the university 
retained information about affected individuals within the poorly 
protected database even after their IDs were deactivated.

University officials say they were made aware of an intrusion into the 
database in October and have not found the individuals responsible for 
the hack. Though sensitive data was stored within the database, it 
claims its forensic investigation didn't provide evidence that former 
student data was accessed.

"During our investigation and examination, we reviewed the available 
logs dating back to January 2008 and discovered the system suffered 
unauthorized accesses a number of times. However, supplemental logs 
available for a shorter time period did not show any evidence of file 
transfers consistent with the size of the database file that contained 
your personal information. Further, our investigation found no evidence 
that the unauthorized individuals were aware of your personal data in 
the database or that it has been retrieved or misused," the University 
of Wisconsin wrote in its letter (PDF) to potential victims.

[...]


___________________________________________________________      
Tegatai Managed Colocation: Four Provider Blended
Tier-1 Bandwidth, Fortinet Universal Threat Management,
Natural Disaster Avoidance, Always-On Power Delivery 
Network, Cisco Switches, SAS 70 Type II Datacenter. 
Find peace of mind, Defend your Critical Infrastructure.
http://www.tegataiphoenix.com/

Site design & layout copyright © 1986- CodeGods