UMaine server breach exposes thousands of social security, credit card numbers

Hackers breached a server that contained personal information on individuals who had made purchases through the campus-based computer stores at the UMaine and the University of Arkansas. The server was used by the University of Arkansas to conduct online transactions under an agreement with UMaine, according to a statement.

UMaine estimated that 2,818 individuals had their information compromised, including 435 credit card numbers and 1,175 social security numbers, while the University of Arkansas estimated that 1,007 individuals were affected.

“Any time these attacks occur anywhere in the world, it heightens our awareness and vigilance”, said Janet Waldron, UMaine vice president for finance and administration. “We are committed to maintaining the best computer security efforts to prevent such attacks and safeguard institutional data. It is a constant battle.”

Since 2007, the University of Arkansas has used the web-based tool called Buyers Search Assistant (BSA), a supply chain analysis and marketing system developed in 1999 by UMaine’s Computer Connection, a campus-based computer store. The compromised BSA server supported only online sales of campus computer stores and has no relationship with any other UMaine computer systems containing other student or university data.

University of Arkansas officials first learned of the security breach April 27 through a story posted on the Softpedia website by a hacker activist group.

When the UMaine System Information Security Office was notified, the computer server was taken offline and local, state, and federal law enforcement agencies were contacted, according to John Forker, chief information security officer for the UMaine System who is leading the investigation.

What’s hot on Infosecurity Magazine?