August 18, 2015
By David Moran by www.courant.com
UConn’s School of Engineering was the victim of a “criminal cyberintrusion” that could have been going on for almost a year and a half, and personal information, such as Social Security numbers and credit card information, may have been compromised, the university said in a statement on Friday.
UConn said the hack has been traced to China and was first detected on March 9, 2015, but could have originated on Sept. 24, 2013.
The school said it immediately took the School of Engineering’s servers offline when it detected the breach in March and has since taken further steps to protect the school from future cyber attacks.
UConn said its information technology specialists “have no direct evidence that any data was removed from the School of Engineering’s servers,” although they have reason to believe that personal information may have been “compromised.”
UConn said people who may have been affected by the data breach would be personally notified and given the option to enroll in identity protection services.
“UConn places the highest priority on maintaining the security and integrity of its information technology systems,” Michael Mundrane, UConn’s chief information officer, said in a statement. “That’s why, in addition to assisting individuals and research partners in responding to this incident, we’re taking steps to further secure our systems.”
The school said it is still trying to determine how many people the data breach could potentially affect.
UConn’s IT department first detected the hack on March 9 when it found “malicious software, or ‘malware,’ on a number of servers that are part of the school’s technical infrastructure,” UConn’s statement said.
UConn said that once it detected the attack it “immediately notified” all faculty and staff at the School of Engineering that their log-in credentials may be been compromised and advised them to change their passwords.
Working with Dell SecureWorks to investigate the breach, UConn said the initial intrusion may have occurred on Sept. 24, 2013, “with further penetration of the system occurring after that date.”
UConn said that, as a result of the breach, it is conducting a “comprehensive review” of all the school’s IT-related security practices and procedures to guard against future cyber attacks and that no further breaches have been detected since March.Read the original article here.