This sucks, computer programmers and analysts had better learn that their dicking around and not making sure that all their bases are covered may have serious consequences. Maybe its just me, but when if I was dealing with important information about thousands of people, I would do everything I could to protect that information. The line I put in bold towards the bottom of the article pisses me off to no avail. I know many people on this board go or went to UT, though I hope none of you are affected by this. ---------------------------------------------------------- Link Hackers access UT database, nab 59,000 names, Social Security numbers Cox News Service AUSTIN -- Computer hackers have obtained the names and Social Security numbers of about 59,000 current and former students, faculty members and staff at the University of Texas at Austin in one of the largest cases of potential identity theft ever reported. Authorities do not know whether the information has been put to illegal uses such as obtaining credit cards or withdrawing money from financial accounts. Law enforcement officials were expected to obtain and execute search warrants late today in Austin and Houston at homes where computers are thought to have been used in the cyberspace break-in. UT officials suspect that the attack was carried out by a student or students, or by people living with students. They said the computer breach could easily have been prevented with basic precautions, adding that the incident will prompt them to redouble security measures and to accelerate a plan to phase out most uses of Social Security numbers on campus. "We flat out messed up on this one," said Dan Updegrove, the university's vice president for information technology. "Shame on us for leaving the door open, and shame on them for exploiting it. Our No. 1 goal is to get those data back before they get misused." The incident comes at a time of growing concern about identity theft on college campuses. Many universities, including UT, use Social Security numbers as student identifiers, and the numbers are therefore found in many records. UT students have complained about the practice. The ranks of current and former UT students, faculty and staff include hundreds of thousands of people. University officials were scrambling Wednesday to figure out how to advise those whose information was stolen. Some who are no longer affiliated with the university might no longer be reachable at the phone numbers and addresses on file. The university has set up a special Web site -- www.utexas.edu/datatheft -- where it plans to post information. A telephone hotline will also be established, possibly staffed seven days a week and 24 hours a day, said Don Hale, vice president for public affairs. The theft was discovered Sunday evening by university computer systems administrators conducting routine checks, Updegrove said. They immediately disconnected the compromised database from the Internet, later hooking up a database of useless information. Besides names and Social Security numbers, the hackers obtained e-mail addresses and, for some current faculty and staff members, office addresses and office phone numbers. No grade, health or benefit records were obtained, Updegrove said. Computer system logs indicate that the information was seized by a computer in Austin on Wednesday, Thursday and Friday last week, and by a computer in Houston on Saturday and Sunday, he said. It's likely that the instrusions from Austin and Houston were done by the same person or persons, he added. The compromised database contains training records on UT staff. However, it has an interface, or connection, with a broader list of current and former UT students, faculty and staff. The thief or thieves used a computer program to query the UT database with 3 million potential Social Security numbers, resulting in about 59,000 hits, or successful matches, Updegrove said. "It was just a brute force attack on the system," he said. Updegrove said the UT records should never have been accessible to anyone off campus or to anyone who is not an employee supervisor. He said he did not know how such a serious violation of security procedures occurred, or why it was not discovered in periodic systems checks. He did not know how many years the database has existed. "There are six to 12 ways we could have reduced the risk to the database," Updegrove said. "The sad thing is, we didn't do any of them." Those shortcomings will be examined in depth, but the more urgent task is to track down the perpetrators and recover the data, Updegrove said. To that end, the university has reported the theft to the FBI, the Austin Police Department, the Travis County district attorney's office and other authorities. "This could have grave consequences, so fast action is important to prevent further harm," said District Attorney Ronnie Earle. "The public integrity unit with the district attorney's office is working in partnership with the U.S. attorney's office on this case." Updegrove defended the university's decision not to announce the theft right away, thereby leaving the 59,000 people unaware that their information was compromised. It took time to understand the dimensions of the theft, he said. In addition, when it became apparent that the theft originated from two locations, university officials focused on lining up law enforcement help in trying to seize the rogue computers, in hopes that any dissemination of data by the thieves could be prevented. Disclosing the theft widely at the outset might have put that strategy at risk, he said. Identity theft is a rapidly growing crime in which someone obtains key pieces of information such as Social Security and driver's license numbers to obtain credit, merchandise and services in the name of the victim, according to the Identity Theft Resource Center, a nonprofit group based in San Diego, Calif. "The victim is left with a ruined credit history and the time-consuming and complicated task of regaining financial health," the center reports on its Web site.
Umm... somebody explain that quote to me. If I have your name, social security, address, etc. How exactly do you get it back? I mean if I hacked your database and did a query of whatever tables, I have that info forever (or technically, maybe at least until I was caught). It's like you telling me your phone number and then saying "nevermind, give it back".
Basically, they want to find and confiscate whatever hard drives have the information on them so that the hackers won't have the information to use later. Unfortunately, even if they do find the computers that downloaded the information, it doesn't necessarily mean that the hackers haven't hidden what they gleaned from UT somewhere on the internet or downloaded it to some other medium and hid that.
This sucks. Some ******* has my SSN, and personal data. Some heads need to roll at the IT department at UT.
so ummm how do we know if ours got stolen? i know like 4 social security numbers that aren't mine. my friends are pissed off whenever i can recite theirs.
59,000! Isn't that probably just about the whole frickin' University? I hope nobody gets screwed because of this. This has "lawsuit" written all over it?
The schools using SS numbers is a serious thing that is happening everywhere... many school districts and colleges do this.. so everytime you write your student ID down.. it is also ur SS number.. so professors, teachers, just about anyone including other students would have little trouble finding it out if they wanted to.. is it that hard to just assign a ID number that isnt your SS number?
Ooooh. Time to submit my resume to the UT IT Dept. Ya good luck. They make you take this test to see if you have an apitiude for programming and you have to make an "A". I took the test and made an "A" (and apparently was one of a very few who even finished the test.) I interviewed four different times and never got a job offer. They are r****ded. I hope the lot of them gets canned.
We stopped using SSN at UT about a year and a half ago, and instead switched to the "EID" electronic ID system instead. It's ridiculous because it got to the point where people were turning in homeworks with their SSN on it. The graded homeworks would then be left outside of the TAs office, where just about anyone could grab them out of the box.
The SSN needs to be done away with as the "magic" number in getting Credit Cards and Bank accounts. Your SSN is on just too many things out there where it is too easy to find. Knowing a SSN can no longer be a proof of identity. I'll be honest, I have no idea how to replace the system that every bank, credit union, mortgage company, and credit card company use to identify their clients, but it is just too darn easy to steal somebodies identity.
baqui...... true... but since I applied last year and had a UT EID etc that they gave me when I applied (before I decided to not go to UT) for all I know they still have my social security number in some of their admission databases etc..
can we file some sort of class action lawsuit against UT for making it so easy to have our identities stolen since our freaking ID# at school is our SSN#
I haven't attended UT since 1992. But, I guess that doesn't matter. My info could still have been hacked. When someone says we could have done six to 12 things to prevent something like this, I just want to kick their ass even more than I did before.
