EIU warns of student data security breach (updated)
From the Associated Press:
Eastern Illinois University says someone outside the school may have broken into files containing personal information from about 9,000 current and former students and applicants.
The university on Friday said it found a number of viruses on a server used by the university’s admissions office that could have provided outside access. Technology workers believe someone had such access between Nov. 11 and Nov. 16. But they aren’t sure if any of the files were accessed.
Read more on WAND-TV.
The Notice to Students on the university’s web site says:
On Nov. 16, 2009, routine security monitoring uncovered odd activity from a computer on campus. An investigation revealed that this computer had been compromised on Nov. 11, 2009, by malware that could have allowed an external individual to access and control the computer.
It’s good that they picked it up relatively quickly and followed up. What’s not so good is this part:
This incident affected some individuals who applied to Eastern Illinois University electronically between 2000 and 2009. Not everyone who applied electronically during this time was affected.
Why were applications from 2000 still on the computer instead of having been removed from the network after that length of time?
Update: Tyler Angelo of DenNews.com also covers the story and reports:
The information in the server includes names, Social Security numbers, dates of birth, mailing addresses and other contact information, Dodge said.