Failure to patch flaw exposes data on 60,000 at Antioch

Personal data belonging to students, former students and employees may have been compromised

Windows systems may be the most frequently attacked by malicious hackers, but they certainly are not the only targets.

Serving as the latest reminder of that fact is Antioch University, which recently disclosed that Social Security numbers and other personal data belonging to more than 60,000 students, former students and employees may have been compromised by multiple intrusions into its main ERP server.

The breaks-in were discovered February 13 and involved a Sun Solaris server that had not been patched against a previously disclosed FTP vulnerability, even though a fix was available for the flaw at the time of the breach, university CIO William Marshall said Friday.

The university was alerted to the breach while IT officials were investigating a separate virus that had also infected the system and was broadcasting obscene material from it, Marshall said. That particular virus was programmed to broadcast the material on the 13th of each month and was detected by the university's antivirus software, when it started doing so on February 13, he said.

"When we went in and did further investigation, we found that there was an IRC bot installed on the system," Marshall said.

According to Marshall, the university ERP system, based at Antioch's main campus in Yellow Springs, Ohio, appears to have been breached on three separate occasions.

The first break-in occurred June 9, 2007, when intruders gained remote access to the ERP server via the unpatched Solaris FTP vulnerability. "The first one was an automated attack. It happened very, very quickly," Marshall said. The IRC bot discovered February 13 appears to have been installed on the system one day after the initial intrusion, he said. Forensic analysis shows that the third time the server was illegally accessed was October 11, 2007, Marshall said.

As far as the university can tell, the data on the server appears not to have been illegally downloaded or copied by the intruders, he said.

Following the discovery of the intrusions, the infected server was taken offline, the data on it was backed up and the operating system was reinstalled from scratch, Marshall said. "That's the only way we can be sure that we got everything on it that shouldn't be there," he said.

The compromised server contained information on current and former students and employees across all of Antioch's six campuses going back to 1996, Marshall said.

The system also contained information on individuals who had applied to Antioch but may have never attended the university and information on vendors who may have supplied their Social Security numbers in order to get paid. The compromised data included names, addresses, Social Security numbers, telephone numbers and academic records.

Notices informing the affected individuals about the breach and urging them to take measures to protect against ID theft were sent out last week, Marshall said. There are a couple of reasons for the delay, Marshall said. First, the university needed at least two weeks to understand the full scope of the breach, he said. The university also did not want to compromise investigations by law enforcement authorities by disclosing the breach prematurely, he said.

The main lesson from the intrusions is to make sure that patches get installed in a timely fashion whatever the environment, Marshall said. Just because Windows systems get patched and attacked the most often is no reason for getting complacent about security on other operating systems, he said.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.
Jaikumar Vijayan

Jaikumar Vijayan

Computerworld
Show Comments

Cool Tech

Bang and Olufsen Beosound Stage - Dolby Atmos Soundbar

Learn more >

Toys for Boys

Nakamichi Delta 100 3-Way Hi Fi Speaker System

Learn more >

Sony WF-1000XM3 Wireless Noise Cancelling Headphones

Learn more >

ASUS ROG, ACRONYM partner for Special Edition Zephyrus G14

Learn more >

Family Friendly

Mario Kart Live: Home Circuit for Nintendo Switch

Learn more >

Philips Sonicare Diamond Clean 9000 Toothbrush

Learn more >

Stocking Stuffer

Teac 7 inch Swivel Screen Portable DVD Player

Learn more >

SunnyBunny Snowflakes 20 LED Solar Powered Fairy String

Learn more >

Christmas Gift Guide

Click for more ›

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Tom Pope

Dynabook Portégé X30L-G

Ultimately this laptop has achieved everything I would hope for in a laptop for work, while fitting that into a form factor and weight that is remarkable.

Tom Sellers

MSI P65

This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang

MSI GT76

It really doesn’t get more “gaming laptop” than this.

Jack Jeffries

MSI GS75

As the Maserati or BMW of laptops, it would fit perfectly in the hands of a professional needing firepower under the hood, sophistication and class on the surface, and gaming prowess (sports mode if you will) in between.

Taylor Carr

MSI PS63

The MSI PS63 is an amazing laptop and I would definitely consider buying one in the future.

Christopher Low

Brother RJ-4230B

This small mobile printer is exactly what I need for invoicing and other jobs such as sending fellow tradesman details or step-by-step instructions that I can easily print off from my phone or the Web.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?