NOW READ THIS
("Security Advisory")
Submitted by: Bill Hickey
NCVA List Master
NRT-0488 Failure to Patch Flaw Exposes Personal Data for over 60,000 at University:
Social Security numbers and other personal data belonging to over 60,000 students,
former students, and employees of Antioch University may have been compromised by
multiple intrusions into a server. The break-ins were discovered on 13FEB08, but
took place on 09-10JUN2007, and 11OCT2007. The Sun Solaris server that was involved
had not been patched against a previously disclosed file transfer protocol vulnerability,
although a fix was available at the time of the breach. The data on the server appears
not to have been illegally downloaded or copied by the intruders, according to a
university official. The compromised server contained information on current and former
students, employees, and vendors across all of Antioch's six campuses going back to
1996. The compromised data included names, addresses, social security numbers, telephone
numbers, and academic records.
(ComputerWorld.com 04APR08)