Complain about a product or service

22,000 Hit In University Of Missouri Data Breach

By Martin H. Bosworth
ConsumerAffairs.com

May 9, 2007

Data Theft • Thieves Steal AT&T Laptop with Employee Data • Report: Data Breach Disclosure Laws Don't Affect Identity Theft • Patient Information Exposed in Data Breach at Walter Reed • Supermarket Chain Reports Data Breach • Report: Feds Still Not Doing Enough To Secure Data • Data Thieves Hit Georgetown University Students, Faculty • 800,000 Job Seekers At Risk In Gap Data Breach • TJX Data Breach Settlement Has Strings Attached • More ...

Hackers from overseas gained access to a database belonging to the University of Missouri last week, making off with the names and Social Security numbers of 22,396 current and former students and employees, circa 2004.

The university's information technology department noticed unusual activity in a Web-based application on May 3, and confirmed that the activity was the result of unauthorized database access on May 4.

The application provided reports on requests to the information technology department's help desk, the university said. The information collected in the application should have been removed, but was not, enabling the hackers to launch multiple queries and expose each identity record individually.

The offending application was shut down, and university authorities informed law enforcement.

"The University of Missouri takes this breach very seriously and is working to alert the individuals whose information was improperly accessed," said the press statement. "The University has been and will continue to work diligently to secure confidential data held in its computer systems. We are also working closely with law enforcement in our investigation of this event."

The university's response effort currently consists of a toll-free number for victims of the breach and a Web site explaining how to put fraud alerts on their credit reports.

The University of Missouri suffered a previous data breach in January when another hacker broke into university Web sites and made off with the Social Security numbers of 1,200 researchers. The attacker took advantage of a vulnerability in an out-of-date program used to manage and process grant applications.

Universities and colleges are often prime targets for hackers, as they often have inadequate resources for data security. Centers of higher learning also collect exhaustive amounts of personal information on students from the moment they step on campus, making any database containing the information a treasure trove for identity thieves.

Other Incidents

Ohio University was hit with multiple data breaches over a period of several years, including attacks on servers in its medical facilities which contained sensitive personal and medical data. The breaches led to the firings of several employees and promises of investigations on the state and federal levels.

The University of California at Los Angeles (UCLA) was hit with a massive data breach that began in October 2005, but was not discovered until November 2006. The breach claimed the information of 800,000 current and former students, faculty, and employees, and even prospective students who had never attended the university, but filled out forms at recruiting fairs.

And the University of California at San Francisco (UCSF) suffered a breach of its own when cybercriminals accessed a server in the office of the university president, making off with personal and financial information belonging to 46,000 students and employees.

Report Your Experience
If you've had a bad experience -- or a good one -- with a consumer product or service, we'd like to hear about it. All complaints are reviewed by class action attorneys and are considered for publication on our site. Knowledge is power! Help spread the word. File your consumer report now.

Back to the top |