Over the next couple of weeks, over 20,000 students and faculty at the University of Missouri will be frantically running around contacting credit reporting agencies and filing fraud alerts thanks to the lackluster security on the UM website.

The university noted that 22,396 people, to be exact, who were still in the University’s computer system have had their names and social security numbers compromised from hackers using Internet addresses from China and Australia.

In a classic case of hindsight, University spokesman Scott Charton said the data “should have been purged out of the system. We wish it had been and regret that it was not.”

But this isn’t the first time an event like this has occurred. On January 14th, 2007, hackers broke into the UM’s website and had access to personal information including passwords, names, and social security numbers.

A statement posted on the UM’s Web site in January said the first hack occurred through the system’s Web-based application that “did not have safeguards which current applications have to ward off increased threats from the Internet.”

But today’s statement notes that “These errors were first assumed to be caused by a problem with a system used to track computer help desk repair calls using the same database,” posted in a University statement.

The hacker spent hours exposing names and SSN’s by making thousands of queries through the UM’s own web-based system, obtaining each record individually.

Fortunately, this isn’t the University’s first rodeo; they know exactly what to do. University officials are making an “intensive” effort to contact the victims, and have set up a toll-free hotline (866-241-5619) to assist any individuals who may be affected by their mistake.

“The university will continue to work diligently to secure confidential data held in its computer systems,” said in the University statement; however, those words may be a bit hard-to-swallow the second time around.

The hacker’s accounts have been suspeneded, but UM officials made no comment on how these accounts were obtained.

Related:

Entry was posted on Wednesday, May 9th, 2007 at 5:36 am under Opinion, Security.

Read more entries by George Gardner.
Stumble It!