Breach, Data Security, Malware, Vulnerability Management

Eastern Illinois University server hacked

The personal information of former, prospective, and current undergraduate students at Eastern Illinois University may have been stolen when a hacker gained access to the university's Office of Admissions server.

How many victims? 9,000.

What type of personal information? Unspecified data from student files and applications.

What happened? A machine was infected with the Virut computer virus, which spread to two other computers and the university's Office of Admissions server. The server became infected with a number of viruses, some of which gave attackers the ability to access it.

The breach was discovered Nov. 16 during a routine security check.

Details: The server contained electronic admissions application data from prospective undergraduate students dating from March 10, 2000, to Nov. 16, 2009. It is unclear whether the hackers accessed this information.

Those who did not submit their admission applications electronically are not affected by this breach.

Quote: “A machine was compromised by a virus so we don't believe it was a targeted attack against the university data system,” Adam Dodge, assistant director of information security for Eastern Information Technology Services told the Journal Gazette/Times-Courier.

“The Virut computer virus caused this,” Dodge said. “It has been around for a while, but new variants pop up often. We have updated the computers. It was spread by bad practice by a computer user.”

What was the response? The breach is currently under investigation and victims will be offered one year free credit monitoring. The university has created a web page with information about the breach.

Source: Journal Gazette/Times-Courier, JG-TC.com, “Computer data breach at EIU investigated,” Dec. 4, 2009.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.