A server containing personal data of 72,000 students, faculty, and staff at the University of Connecticut was breached by a hacker who exploited a vulnerability in the system.
Although university officials said there is no indication that personal information on the server – including Social Security numbers – was actually accessed in the breach, they are notifying all who were affected.
The intrusion occurred on Oct. 26 last year, but was not detected until June 20. The intruder took advantage of an unknown security flaw in the data center server to install a rootkit program, officials said.
“The nature of the compromise indicates that the server was breached during a broad attack on the internet and not the target of a direct attack. Therefore, the attacker most likely had no knowledge of the kind of data stored on the server,” UConn CIO Michael Kerntke said in a statement.
According to UConn, the personal information on the server was not in a readable format, and the attacker’s attempt to install a backdoor for later access failed.
The server contained personal data for anyone who had a UConn Net ID – an account that allows access to University technology resources such as email addresses.
In light of the breach, UConn said it is reviewing its dependence on Social Security numbers as a unique identifier and implementing tighter network access controls.