VCU: Hackers gained access to 2 computer servers

RICHMOND, VA (WTVR) – VCU has issued a campus alert after a potential security breach compromised personal data at some of the university’s computer servers.

In fact, the university says 176,567 VCU students, faculty, staff and alumni were impacted after hackers gained access to two computer servers last month.

The hackers infected one of the servers with some type of virus that allowed the, to download 16 minutes worth of confidential information including name or id, date of birth, and even social security numbers.

“We can’t be 100 percent certain that these files were not acessed,” said VCU Chief Information Officer Mark Willis. “But we were able to attract the activities of the intruders very well.  So, we know what they were up to, what they were doing.”

Willis believes the information that could have been compromised goes back as far as to 2005.

Some students and staff wondered why the school did not notify everyone about the breach sooner.

Willis says the university needed to figure out which files were impacted and make sure they had correct data about what occurred.

However, some VCU students say they feel vulnerable because they do not know who may have their personal information.

“We’re always so worried about people worried about people stealing our identity and social security numbers, which is a really big deal now a days,” said Ester Fiore.

Officials say source of the breach involves three internet addresses outside of VCU’s campus . The FBI is also investigating the incident.

VCU also warns students, staff and alumni to check their bank statements and other accounts for any suspicious activity. 

Additionally, the University has fixed the problem and added another security layer to the servers impacted by the breach.

Here’s is the report, posted on VCU’s website, about the security breach:

To the VCU and VCU Health System communities:

A security incident has resulted in unauthorized access to a Virginia Commonwealth University computer server containing files with personal information on current and former VCU and VCU Health System faculty, staff, students and affiliates.  We believe the likelihood is very low that any personal data on the individuals in the files was compromised, but it is impossible to be completely certain, so we are notifying all involved via email and first-class mail.

On October 24, routine monitoring of servers supporting a VCU system uncovered suspicious files on one of the devices.  The server was taken offline and a forensic investigation was launched to identify what unauthorized activities had taken place and the vulnerabilities that led to the compromise. The vulnerabilities have been corrected, and it has been determined that this server contained no personal data.

Five days later, VCU’s continuing investigation revealed two unauthorized accounts had been created on a second server, which also was taken offline. Subsequent analysis showed the intruders had compromised this device through the first server. The intruders were on the server a short period of time and appeared to do nothing other than create the two accounts.

Files on this second server contained data on 176,567 individuals. Data items included either a name or eID, Social Security Number and, in some cases, date of birth, contact information, and various programmatic or departmental information.

Our investigation was unable to determine with 100 percent certainty that the intruders did not access or copy the files in question.  We believe the likelihood that they did is very low. However, because this data was potentially exposed, we are proactively informing of this event and subsequent actions affected individuals can take to monitor personal information.  The following website contains more detailed information about this incident, as well as how to monitor your personal information, including credit monitoring or acquiring identity protection services:  http://go.vcu.edu/securityincidentresponse .

VCU continues its investigation and is working with local and federal law enforcement agencies. If you have any questions or concerns, please contact the Security Information Center we have established to handle your inquiries:  (855) 886-2931 or responseteam@vcu.edu.  Over the next two weeks, this Security Information Center helpline will be staffed from Monday to Friday 7:30 am – 8:00 pm, Saturday from 10:00 am – 6:00 pm and Sunday from 12:00 pm – 8:00 pm to answer your questions.

VCU is reviewing its information technology security measures and procedures and will make improvements to prevent this type of incident from happening again.  We regret this incident, and I apologize for any inconvenience or worry this may have caused you.

Sincerely,

Mark D. Willis

Chief Information Officer

Article source: http://www.wtvr.com/news/wtvr-vcu-warns-of-possible-server-security-incident-20111111,0,1294637.story?track=rss

View full post on National Cyber Security