University of Central Florida Hacked, 63,000+ Social Security Numbers Stolen

[Petrovic]

2015 was devastating for the universities in the United States due to increase in cyber attacks. The hackers were able to steal massive personal data from the University of Virginia, Penn State University, University of Chicago, the University of Maryland and Uniformed Services University.

 

It seems like 2016 won’t be any different because hackers have managed to steal around 63,000 Social Security numbers and names of previous and current University of Central Florida UCFstudents as well as employees, which further establish the fact that schools and academic institutions are increasingly becoming the targets of cyber security threats.

 

This stolen data includes around 600 current student-athletes and ex-student-athletes from the 2014-15 session, student staff managers and salient related positions. That’s not all, others who got their data stolen are current UCF employees and some previous ones who were employed as far back as the 1980s.

 

The information was disclosed on Thursday and the FBI’s Jacksonville office is investigating the matter with UCF Police along with other agencies. According to FBI officials, the agency has sent out notifications to colleges all over the US “in an effort to identify other potential victims,”reports Orlando Sentinel.

 

In January this year, the UCF got hints of a problem in their system but did not publicly announced about the hack until a month later after working with experts and related authorities to determine the exact details of what has happened, stated the officials.

 

The positions that were targeted include the undergraduate student employees, which also include those doing work-study jobs, graduate assistants, adjunct faculty instructors, housing resident assistants, student government leaders and those faculty members who were being paid by the University for teaching additional classes.

 

The incident highlights an important aspect, that hackers have become pro at stealing data from schools, government and other institutions, states Indiana University’s Center for Applied Cybersecurity Research Director Von Welch.

 

Welch further added: 

Quote

“It’s an extremely hard situation for folks like UCF to be in. They have the large databases … All it takes is one mistake for hackers to exploit. If you’re anything less than perfect, these hacks can occur.”

 

The university’s IT department head Joel Hartman stated that it is yet unclear who is behind this attack but it is apparent that the hack was conducted by multiple individuals gradually.

 

He further stated that the stolen information does not include credit card information and grades but other information such as student and employee ID numbers were hacked. The affected individuals will be notified via letters, which will be mailed by Friday.

Article source

[Pequi]

"Generally, a hacker can acquire access to any database using the phishing method, says Welch, in which a fake email is sent to an employee which appears to be sent by the boss and contains malicious malware."

 

They never mention the OS.  Opening an email attachment caused the leak ?

I'm amazed the University offers SECURITY courses ...

 

PS The IT head (Dr. Joel Hartman) is specialized in Windows and Oracle. Figures.

[straycat19]

They have hacked six, yes SIX, universities out of the over 7200 universities and colleges that are in the U.S.  Doesn't say much for the hackers but speaks loads about university security  for the over 7200 institutions that haven't been hacked.  The data they acquired is pretty useless since, though they claim to have obtained social security numbers, the numbers they actually hacked are employee ID numbers, which look like social security numbers, but aren't.  Part of the security on institutional sites is only the use of employee ID numbers on internet accessible databases, social security numbers are kept on secure systems only accessible in Human Resources.  Universities moved to this system over 13 years ago as another security measure to protect employee data.  Being a security officer on a campus is the most difficult job in the world since he is always battling both students and faculty whenever he brings up a change in the system that they fear might endanger their freedom of access, and if you think a security officer can ever overrule the faculty senate or student government association you need to think again.  It took two years of begging, pleading, glad handing, cajoling, rationalizing, threatening, and every other action you can think of, just to get the faculty to allow the change for all users from administrator to user status.  It literally took thousands of hours of meetings and trial runs to get that accomplished, even though the actual change was just 'flipping a switch' in the Microsoft Systems Center server that automatically removed administrator access on all the computer and made everyone a user.