University Blames Security Breach On Unpatched Symantec BugUniversity Blames Security Breach On Unpatched Symantec Bug

The University of Colorado at Boulder says the faulty antivirus software exposed sensitive information on nearly 45,000 students.

Sharon Gaudin, Contributor

May 24, 2007

2 Min Read
information logo in a gray background | information

The University of Colorado at Boulder said sensitive information on 44,998 students was exposed because a worm attacked the network through an unpatched bug in Symantec's antivirus software.

A server in the university's College of Arts and Sciences' Academic Advising Center held the names and Social Security numbers of students enrolled at CU-Boulder from 2002 to the present, according to an online advisory.

On May 12, the university's IT security investigators discovered that the worm entered the server through the vulnerability, which the IT staff had failed to patch, the university reported. Investigators said they did not believe the hacker behind the worm was after the personal information, but instead was using the flaw as an entryway to other computers on the university network.

"The server's security settings were not properly configured and its sensitive data had not been fully protected," said Bobby Schnabel, CU-Boulder's vice provost for technology, in a written statement. "Through a combination of human and technical errors, these personal data were exposed, although we have no evidence that they were extracted."

A Symantec spokesman told information that the company has been trying to get in touch with the university's IT team but has not yet talked to them to get details about the attack or even to find out what vulnerability was involved. "We hate to see any customer with a problem," he said. "We encourage customers to post patches as soon as possible."

Todd Gleeson, a dean CU-Boulder, said in a statement that he wants the College of Arts and Sciences IT operations to be placed under the direct control of the university's larger IT department. He said all of the students affected by the breach are being notified through letters mailed to their homes.

"We have also taken steps to ensure that all sensitive personal data has been removed from our Academic Advising Center servers," said Gleeson. "I want to assure our past and present students that we have taken strong measures to protect our advising center computers and our students' personal information."

Students who are looking for more information about protecting themselves following a data exposure can go to the advisory Web site.

Read more about:

20072007

About the Author

Sharon Gaudin

Sharon Gaudin

Contributor

See more from Sharon Gaudin
Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.
SIGN-UP

You May Also Like

More Insights
Webinars
More Webinars
Reports
More Reports

Editor's Choice

A group of smiling college graduates celebrating their graduation.
IT Leadership
Why Liberal Arts Grads Could Be the Best Programmers of the AI Era
Why Liberal Arts Grads Could Be the Best Programmers of the AI Era

Jan 17, 2025

Flame front of the Eaton Fire on the first night during the January 2025 California wildfires in Altadena and Los Angeles
IT Sectors
How Tech Supports the Emergency Response to the LA County Wildfires
How Tech Supports the Emergency Response to the LA County Wildfires

Jan 16, 2025

Graphic Pop Art style Illustration of Keanu Reeves as NEO from the film, The Matrix
IT Infrastructure
Y2K and Infrastructure Resilience 25 Years Later
Y2K and Infrastructure Resilience 25 Years Later

Jan 7, 2025

Young businessman working on a virtual screen of the future and sees the inscription: Now hiring
IT Leadership
Help Wanted: IT Hiring Trends in 2025
Help Wanted: IT Hiring Trends in 2025

Nov 20, 2024

Cobol programming language software development concept on vitual screen.
IT Leadership
Untangling Enterprise Reliance on Legacy Systems
Untangling Enterprise Reliance on Legacy Systems

Jan 21, 2025

Webinars
More Webinars
White Papers
More White Papers
Reports
More Reports