What appears to be a combination list from various databases related to the University of Georgia appeared on a public paste site yesterday. Although the University of Georgia has disclosed a number of breaches in the past six years, none of the breaches this site knows about would account for all the data in this dump.
The data, more than 4,800 records, consists of what appears to be former and current students’ and staff’s email addresses and passwords, in some cases with usernames and IP addresses. For some records, the passwords are in plain text, while for others, they are encrypted. Some of the records appear to include date of birth, and some of the records appeared to have time stamps. The most recent timestamp was from December, 2015.
More than 70 of the records include reference to “funimation,” e.g.:
2451189:funimation-user-2451189:[redacted]@uga.edu:[redacted]::7a3e3dff697794bc3bcb29b9c9d78e9c:K3w6%S*B&l3SxWR(BE!8xYNG\f&5qt
A Google search for some of the email addresses in the dump was able to identify some of the individuals as alumni of UGA. Others are currently on staff at UGA. DataBreaches.net is still exploring the dump to try to determine whether any of those in the list are current students. Email inquiries sent to several possible current students did not produce responses, but did not bounce back, either.
DataBreaches.net contacted UGA via email and then phone yesterday, and although their IT helpdesk said they were forwarding the message up the chain immediately last night, DataBreaches.net did not get any response from either the press office or the CISO. A second email to the press office today was also unanswered. As of the time of this posting, the dump is still publicly available, and it has been viewed more than 125 times. If UGA responds to the notifications, this post will be updated.
It is important to emphasize that it is not clear whether their system was breached, or if this dump represents a culled list of data from other leaks or hacks. If you are a current employee or student at the University of Georgia, you might want to err on the side of caution and change your password.
The University of Georgia has issued the following release today:
An ongoing investigation into what officials call “a criminal act of computer trespass” reveals that the personnel records of at least 8,500 current and former University of Georgia employees apparently were accessed by an intruder, UGA Vice President for Information Technology Timothy M. Chester announced today.
The initial intrusion may have occurred as early as Sept. 28. The investigation began Oct. 1 after it was discovered that the MyID passwords of two UGA employees, both of whom work in sensitive information technology positions, were reset by someone unknown. The perpetrators then used those accounts to access data contained in university information systems holding personnel records.
“This appears to us to be a planned intrusion by someone who knew enough about our operations to know which accounts to attack and where the sensitive information was located within the system,” Chester said. “It is clearly a criminal act of computer trespass, and we are working with UGA Police to investigate.”
The data that was accessed includes names and Social Security numbers as well as other personal information. Current and former employees whose records may have been compromised will be notified directly by email or U.S. mail as addresses are available for them. In that more people may be affected than are now apparent, Chester suggested all university employees take appropriate steps to guard against identity theft. In addition, UGA will provide credit monitoring for affected persons who request it.
“It is important that employees also take steps to make sure their MyID information is secure,” Chester said. “Make your secret question and answer pairs impossible to guess. Don’t use questions to which the answers may be found on your vita or your Facebook page.” The perpetrators in this case may have been able to crack the accounts they entered through obtaining information in that way, he added.
Employees may update the answers to their MyID secret questions at http://eits.uga.edu/access_and_security/myid. Additionally, those affected should review the information contained in http://fraudconcerns.uga.edu to learn more about recommended precautions. By following the steps recommended, individuals can minimize the risk of identity theft. The site contains comprehensive information on this incident, including a frequently asked questions section. Individuals also may contact the UGA EITS Help Desk at 706/542-3106 or [email protected]
h/t, Atlanta Business Chronicle
Joe Johnson reports: A University of Georgia student is facing 80 felony counts for allegedly hacking into a professor’s computer to change his grades. Michael Lamon Williams, 21, was booked into the Clarke County Jail Wednesday on nine counts of computer trespass and 71 counts of computer forgery. Williams, a student of UGA’s Terry College of Business, was working for Enterprise Information Technology Services when he “abused his privileges as an employee and changed grades to benefit himself,” said Greg Trevor, UGA’s executive director for media communications. “The university is conducting a comprehensive review of its practices to make the necessary improvements to prevent this from reoccurring,” Trevor said. Read more on OnlineAthens.
Joe Johnson reports: A Clarke County grand jury recently indicted a Georgia Tech student for allegedly hacking into the University of Georgia’s computer network to post a message prior to the annual rivalry football game between the Bulldogs and Yellow Jackets. Ryan Gregory Pickren, 21, was charged with felony computer trespass for making the posting on UGA’s online calendar on Nov. 27, two days before the intrastate gridiron match-up. Read more on OnlineAthens.
Maario Coleman and Angela Russell have been sentenced for stealing the identities of Emory University and University of Georgia students in order to apply for student loans.
“Just as these law and medical students were graduating to embark on their careers, they found themselves victims of identity theft,” said United States Attorney Sally Quillian Yates. “We encourage citizens to diligently review their credit reports and bank accounts to spot fraudulent activity as soon as possible.”
According to United States Attorney Yates, the charges and other information presented in court: Coleman obtained the names of over 100 members of the 2013 class of graduating law and medical students at Emory University and five law students at the University of Georgia. After obtaining partial social security numbers and dates of birth for the students, he asked Russell to supply the remaining personal identifiers. At the time, Russell had access to credit reporting databases through her employment. Together, the defendants compiled students’ birthdates and social security numbers.
Using that information, Coleman then applied for over $400,000 worth of post-graduate bar exam study loans and medical residency loans through Discover Bank. In many cases, Discover required student transcripts before it would approve and fund the loans. To facilitate approval of the loans, Coleman used the students’ personal identifiers to obtain passwords to Emory’s online portal, where he ordered transcripts and had them mailed to his associates. The transcripts were then sent to Coleman, who forwarded them on to Discover.
Coleman also arranged for the loan proceeds to be deposited into bank accounts fraudulently opened in the victims’ names. After the loans were funded, other associates of Coleman withdrew the funds via ATM. The defendants obtained $52,000 worth of loans before the scheme was uncovered.
Maario Coleman, 28, of Atlanta, Ga., pleaded guilty to computer fraud and aggravated identity theft on May 13, 2014. He was sentenced by United States District Judge Thomas W. Thrash, Jr., to four years, nine months in prison, to be followed by three years of supervised release, and was ordered to pay restitution in the amount of $52,000.
Angela Russell, 43, of Atlanta, Ga., was also sentenced by Judge Thrash to two years in prison to be followed by one year of supervised release, and was ordered to pay restitution in the amount of $26,000. She pleaded guilty to aggravated identity theft on May 13, 2014.
SOURCE: U.S. Attorney’s Office, Northern District of Georgia