“Interaction between twoincompatible software programs mimicked behavior consistent with malicioussoftware," said Dan Jones, university director of IT security, in a statement.
Officials initially had suspected as many as 9,500 individuals had their names, Social Security numbers, addresses and grades potentially exposed to hackers. But a forensic exam turned up no malicious software, and there was no exposure of student and staffprivate data.
So what happened?
"The functioning of the computers led us to initiate our data breachprotocol, which included providing notice to the community of a potentialthreat of identity theft," Jones said.
Dennis Maloney, chieftechnology officer for the university, said, "While the data was notcompromised, this incident still reinforces the need to constantlyimprove IT security at CU."
The scare prompted moves, such as re-scanningsystems for private data, eliminating Social Security and credit card numbersfrom all systems, encrypting laptop computers across campus, and improving passwordmanagement procedures.