U. of Chicago still compromised, data for sale on underground – researchers (updated)
On January 24, this blog reported that Carbonic had claimed to have hacked the University of Chicago. The U. of Chicago never responded to a notification and inquiry this blog sent via e-mail on January 22nd.
Yesterday, SLC Security reported that the university is still leaking information and is still vulnerable:
During a recent receive (sic) of some incidents being covered by databreaches.net I was able to do some additional research and confirm that even as recent as an hour ago that information is still being offered in the underground community. In addition server IP addresses owned by the organization are attacking other colleges and universities in the US and elsewhere.
Well, that’s not good. DataBreaches.net will send a second notification to U. of Chicago and hope that this time, they respond and take action to address any compromises they may have been – or may still be – experiencing. If I get a response from them, I will update this post.
SLC Security also notes that both the Illinois Institute of Technology and Northwestern University are also compromised, although I haven’t found anything through routine searches about their situations, other than Northwestern being reportedly hacked on January 20 by @AnonGhost (mirror of defacement here).
Update: I received the following email from the U. of Chicago’s Associate Vice President for Safety, Security and Civic Affairs & Chief of Police:
Both of your messages have been received and shared with our information technology services staff. Thank you for your concern.
Well, that doesn’t answer my question about what they’re actually doing and why the site is reportedly still leaking information, but at least we now know that they got my notifications.