Forensic exam concludes no breach happened at university
Processes that seemed to mimic malicious behavior led the University of Colorado-Boulder (CU) to disclose a possible breach, the school said this week.“Interaction between two incompatible software programs mimicked behavior consistent with malicious software," said Dan Jones, university director of IT security, in a statement.
Officials initially had suspected as many as 9,500 individuals had their names, Social Security numbers, addresses and grades potentially exposed to hackers. But a forensic exam turned up no malicious software, and there was no exposure of student and staff private data.
So what happened?
"The functioning of the computers led us to initiate our data breach
protocol, which included providing notice to the community of a potential
threat of identity theft," Jones said.
Dennis Maloney, chief
technology officer for the university, said, "While the data was not
compromised, this incident still reinforces the need to constantly
improve IT security at CU."
The scare prompted moves, such as re-scanning
systems for private data, eliminating Social Security and credit card numbers
from all systems, encrypting laptop computers across campus, and improving password
management procedures.
