March 07, 2003
Hack 'em Horns

The University of Texas' computer system was hacked two weeks ago, with the thief or thieves making off with the names and Social Security numbers of 59,000 current and former students.

"We flat out messed up on this one," [university president for information technology Dan] Updegrove said. "Shame on us for leaving the door open, and shame on them for exploiting it. Our Number 1 goal is to get those data back before they get misused."

Dude, that data's been scattered to the four winds. Catching the thieves is no assurance that you've put it back into a box. Assume it's now part of the public domain and do what you can to mitigate.

The incident comes at a time of growing concern about identity theft on college campuses. Many universities, including UT, use Social Security numbers as student identifiers, and the numbers are therefore found in many records.

We used a different number as our student ID for my first two years at Trinity, then they switched to using SSNs. It wasn't such a big deal in the 80s. I sure hope they're up to date on their database security now. There's now a bill in the House that would require state colleges to phase out the use of SSNs as identifiers, but private schools would not be affected by it.

Now that UT has fessed up to this debacle, there's fear that the publicity will encourage more hackers to strike. Maybe, but surely any rational thief must know that UT's security will be at a pinnacle right now. Better to wait until they've moved on to the next crisis.

Authorities said there was no evidence that the stolen information had been used to set up false identities or bogus financial accounts. The data can be used to build a profile to open credit card accounts and get access to money and documents in other ways, say security experts.

The U.S. Secret Service said victims should wait before canceling credit cards or closing bank accounts. Instead, they should contact the nation's three major credit bureaus to see if their personal information was used recently for unauthorized transactions, the agency said.

When such personal information is used fraudulently, victims should notify police and their banks and creditors, the Texas Department of Public Safety said.

If you're a UT alum or faculty member, you can find out more about who was affected here.

Posted by Charles Kuffner on March 07, 2003 to The great state of Texas | TrackBack