Loek Essers reports:
The Dutch High Tech Crime Team has arrested a 17-year-old suspected of compromising customer account data on hundreds of servers belonging to telecommunications operator KPN….. The arrested teenager called himself “xS”, “Yoshioka” and “Yui” online, and is suspected of breaching the security of hundreds of KPN servers last January, compromising user data and damaging KPN’s infrastructure, said the Prosecution Service.
Read more on PCWorld.
A statement linked from CCSU’s home page, dated today:
Central Connecticut State University officials have announced that a security breach in a CCSU Business Office computer exposed the Social Security Numbers of current and former faculty, staff, and student workers to potential misuse.
James Estrada, the University’s Chief Information Officer, says the computer was infected by a “Z-Bot” virus, a malicious software program that exposed the Social Security Numbers of 18,275 CCSU individuals to potential risk. No other information, such as name or home address, was exposed.
“After conducting a forensic analysis, we have been unable to determine if any data was stolen or used in an unauthorized manner – only that the data was vulnerable for eight days in early December,” Estrada asserts. “As soon as the virus was detected, we acted immediately to protect the data by taking the impacted computer off line.”
CCSU has alerted the campus to the incident and announced that the University is offering free identity protection services for up to two years through Debix, an independent company that specializes in protecting and restoring personal credit and identity information and has worked with many of the state’s colleges and universities on similar incidents.
The University is in the process of matching the SSNs with names and addresses. Those whose information may have been compromised are being notified by Debix about how to receive credit and identity theft protection.
In an email to the campus community this afternoon, President Miller writes, “I deeply regret any inconvenience or anxiety this incident may cause you and your family. All of us involved in responding to this incident understand how important one’s personal information is and how critical it is to safeguard it. I want to assure you that, in coordination with the Board of Regents System Office and our own Information Technology office, we are working to prevent any such future incidents.”
To help answer questions, CCSU has set up a special web page: www.ccsu.edu/FAQ.
From the FAQ:
The University learned on December 6, 2011, that a computer in CCSU’s Business Office was infected with a “Z-Bot” virus designed to relay information obtained from the computer. As soon as it was discovered, the computer was immediately disabled. Subsequent forensic analysis revealed that the data on the computer had been exposed for approximately 8 days. The forensic analysis could not determine whether any data had actually been compromised or misused. CCSU and the Board of Regents System Office, however, believe that the exposure warrants offering comprehensive credit/identity theft monitoring services to all those whose information was at risk.
[...]
We have determined at this point that 18,763 people were affected by this breach. That number may change as this information continues to be analyzed. To the best of our knowledge at this time, the list includes faculty, staff, student workers dating back to 1998.
Aliyah Sternstein reports:
Hackers posing as officials from the geopolitical analysis publisher Stratfor are emailing infected links to government subscribers whose email addresses were stolen during an earlier raid on the company’s computers, Microsoft researchers say.
Wailin Wong reports:
Chicago jeweler C.D. Peacock has sued a suburban information-technology consulting firm, alleging that the company’s negligence allowed hackers to access confidential customer financial data.
The lawsuit was filed Wednesday in Cook County Circuit Court. According to C.D. Peacock’s complaint, it hired Oak Brook-based BridgePoint Technologies for IT-related services in August 2009. In March 2010, the company found that its virtual private network, designed to give remote users access to a centralized network, was failing to make those connections.
C.D. Peacock said a BridgePoint consultant inspected the network and said the VPN could not be fixed. The consultant told the jeweler to go around the VPN connection, a move that he assured would be safe, according to the lawsuit.
“Circumventing the VPN led almost immediately to a serious security breach,” C.D. Peacock said in its filing.
Read more on WGN Radio
Matt Olsen reports:
Police say hackers stole credit card information from dozens of diners who all ate at a restaurant. While investigators have cleared the restaurant of any wrongdoing, the owner tells KVUE he is taking steps to restore the business that’s been lost due to the fraud.
By all appearances it was business as usual Wednesday at Flores Mexican Restaurant. But owners say the restaurant has lost 15 percent of its business after a computer virus infiltrated its credit card system in December, leaving some Flores customers open to credit card fraud.
Read more on KVUE.
Nanette Asimov reports:
Personal banking information and other data from perhaps tens of thousands of students, faculty and administrators at City College of San Francisco have been stolen in what is being called “an infestation” of computer viruses with origins in criminal networks in Russia, China and other countries, The Chronicle has learned.
At work for more than a decade, the viruses were detected a few days after Thanksgiving, when the college’s data security monitoring service detected an unusual pattern of computer traffic, flagging trouble.
Read more on San Francisco Chronicle.