Breach, Data Security, Vulnerability Management

Forensic exam concludes no breach happened at university

Processes that seemed to mimic malicious behavior led the University of Colorado-Boulder (CU) to disclose a possible breach, the school said this week.

“Interaction between twoincompatible software programs mimicked behavior consistent with malicioussoftware," said Dan Jones, university director of IT security, in a statement.

Officials initially had suspected as many as 9,500 individuals had their names, Social Security numbers, addresses and grades potentially exposed to hackers. But a forensic exam turned up no malicious software, and there was no exposure of student and staffprivate data.

So what happened?

"The functioning of the computers led us to initiate our data breachprotocol, which included providing notice to the community of a potentialthreat of identity theft," Jones said.

Dennis Maloney, chieftechnology officer for the university, said, "While the data was notcompromised, this incident still reinforces the need to constantlyimprove IT security at CU."

The scare prompted moves, such as re-scanningsystems for private data, eliminating Social Security and credit card numbersfrom all systems, encrypting laptop computers across campus, and improving passwordmanagement procedures.


Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.