Officials at the University of Texas-Austin reported last week that computer hackers broke into a vulnerable school computer database, stealing the names, e-mail addresses and Social Security numbers of more than 55,000 students, faculty and alumni.
U.S. Attorney Johnny Sutton said in a press release that the UT-Austin is currently working with the U.S. Attorney’s office, the U.S. Secret Service, the Texas Attorney General’s office and the Travis County District Attorney to determine the identity of the perpetrators and retrieve as much of the stolen information as possible.
“It does not appear at this time that the information that was obtained from the university database has been disseminated, nor has it been used to the detriment of the persons to whom it rightfully belongs,” Sutton said.
According to an initial report on the UT-Austin website, technology employees discovered a computer malfunction Sunday, March 2. Personnel immediately shut down the computer system while a detailed analysis and investigation began.
Ronnie Earle, the Travis County district attorney who is prosecuting the case, said in a statement to the press that search warrants related to the case were served late last Wednesday in Austin and Houston.
“This could have grave consequences, so fast action is important to prevent further harm,” Earle said.
Daniel Updegrove, UT-Austin’s vice president of information technology, said in an interview with the Austin American statesman that his department was to blame.
“We flat out messed up on this one. Shame on us for leaving the door open, and shame on them for exploiting it. Our No. 1 goal is to get those data back before they get misused,” Updegrove said.
Computer logs of the affected database revealed that a computer located in Austin hacked the system several times between Feb. 26 and March 2 by plugging in 3 million possible Social Security numbers, 55,000 of which came up as matches.
“We all like to think that our systems are secure from an outside attack,” said Brian Rust, senior administrative program specialist for the University of Wisconsin’s Division of Information Technology. “But often we see that where there’s a will, there’s a way.”
Rust said though hackers sometimes consider universities to be easy targets, breaking into a secure database still takes a lot of time and effort.
Rust said limited access to confidential information, firewalls and several other layers of security make UW’s network much more solid than the system at UT Austin.
UW has had no large-scale problems of identity theft in the past, but Rust said that a breach could be possible if a hacker had enough motivation, resources and ability.
“Security is a huge issue,” Rust said. “We run into problems at the university level because everybody expects free and open discourse. You want to just log in once and be done with it.”
Rust said absolute security is never achievable, but he is confident that the university and DoIT are doing everything possible to prevent this type of break-in from occurring at UW.
