How many victims? Unspecified, but the amount of information is substantial, representing a 20-year period.
What type of personal information? Social Security numbers and some credit card information.
What happened? Hackers accessed a server on the university’s computer system that stored information of students who attended UMass between 1982 and 2002, as well as a few who attended before 1982. The break-in occurred from Sept. 15 to Oct. 27 of last year.
Details: UMass was aware of the breach last fall but delayed notification for 11 months. Patrick Callahan, a university spokesman, told the Worchester Telegram & Gazette the delay was the result of an ongoing investigation to determine what information was contained on the server that was accessed.
The investigation revealed that the attack was not specifically designed to retrieve personal information but data loss may have occurred.
This is not the first time UMass has experienced a breach. Last April, a hacker broke into the health services department’s computer network.
What was the response? Information about the breach was posted to the University’s website. In addition, a phone number was set up to provide more information to affected individuals.
To ramp up security, the university is providing better training for system administrators and identifying all computers that contain personal information.
Source: Worcester Telegram & Gazette, telegram.com, “Hackers gained access to UMass info,” August 21, 2009.