Share

Top 5 Stories

News

UMaine server breach exposes thousands of social security, credit card numbers

21 May 2012

The University of Maine has admitted to a server breach that may have exposed personal information, including social security and credit card numbers, on around 3,825 individuals.

Hackers breached a server that contained personal information on individuals who had made purchases through the campus-based computer stores at the UMaine and the University of Arkansas. The server was used by the University of Arkansas to conduct online transactions under an agreement with UMaine, according to a statement.

UMaine estimated that 2,818 individuals had their information compromised, including 435 credit card numbers and 1,175 social security numbers, while the University of Arkansas estimated that 1,007 individuals were affected.

“Any time these attacks occur anywhere in the world, it heightens our awareness and vigilance”, said Janet Waldron, UMaine vice president for finance and administration. “We are committed to maintaining the best computer security efforts to prevent such attacks and safeguard institutional data. It is a constant battle.”

Since 2007, the University of Arkansas has used the web-based tool called Buyers Search Assistant (BSA), a supply chain analysis and marketing system developed in 1999 by UMaine’s Computer Connection, a campus-based computer store. The compromised BSA server supported only online sales of campus computer stores and has no relationship with any other UMaine computer systems containing other student or university data.

University of Arkansas officials first learned of the security breach April 27 through a story posted on the Softpedia website by a hacker activist group.

When the UMaine System Information Security Office was notified, the computer server was taken offline and local, state, and federal law enforcement agencies were contacted, according to John Forker, chief information security officer for the UMaine System who is leading the investigation.

This article is featured in:
Data Loss  •  Internet and Network Security  •  IT Forensics

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×