“Interaction between two incompatible software programs mimicked behavior consistent with malicious software," said Dan Jones, university director of IT security, in a statement.
Officials initially had suspected as many as 9,500 individuals had their names, Social Security numbers, addresses and grades potentially exposed to hackers. But a forensic exam turned up no malicious software, and there was no exposure of student and staff private data.
So what happened?
"The functioning of the computers led us to initiate our data breach protocol, which included providing notice to the community of a potential threat of identity theft," Jones said.
Dennis Maloney, chief
technology officer for the university, said, "While the data was not
compromised, this incident still reinforces the need to constantly
improve IT security at CU."
The scare prompted moves, such as re-scanning systems for private data, eliminating Social Security and credit card numbers from all systems, encrypting laptop computers across campus, and improving password management procedures.