TMCnet News

UCO investigates breach of university server [The Edmond Sun, Okla. :: ]
[March 14, 2014]

UCO investigates breach of university server [The Edmond Sun, Okla. :: ]


(Edmond Sun (OK) Via Acquire Media NewsEdge) March 14--EDMOND -- A significant number of victims -- UCO's 2,700 employees and likely ex-employees as well -- are victims of a server breach, a spokesman said.

On Thursday, the University of Central Oklahoma sent an email message notifying members of its community that on Wednesday it discovered a breach of sensitive personal information due to unauthorized access to one of its servers.

UCO spokesman Charlie Johnson said immediately after learning of this event the university initiated a thorough investigation. The email message stated the vulnerable information includes names, addresses, birth dates, Social Security numbers and additional employer information.



Members who received the notice fell within the parameters of the investigation -- the estimated 2,700 current UCO employees, which includes some students, and likely a yet-to-be determined number of former employees, which may include alumni, Johnson said.

A duplicate letter also will be mailed to members as soon as it is ready, Johnson said.


While UCO has no evidence that an unauthorized user is actually using the information, the administration takes related security very seriously, said Johnson, who himself is among the victims.

"The university quickly responded to the breach by removing the affected systems from the network," Johnson said.

UCO notified individuals so they could take precautions to protect their personal identity, Johnson said. Administrators recommended notified individuals: --Place a fraud alert on their information with credit bureaus; --Periodically run a credit report with the credit bureaus to ensure accounts have not been activated without the victim's knowledge; and --Stated that victims' financial information is not kept on the server that was accessed. However, if for any reason a person believes that their bank account or credit/debit card has been fraudulently used, they should contact their financial provider.

"As the situation develops, we will provide additional information regarding further actions or precautions that you should take," UCO administration told victims in the message.

Johnson said UCO follows best practices when it comes to addressing cyber security measures and existing threats. Johnson said measures include quarterly network security scans to determine if any issues require addressing, patching and updating servers on a regular schedule and system maintenance twice a month.

Administrators urged victims to visit uco.edu/cybersecurity for resources for victims and steps they can take to protect their identity. Individuals with additional questions may call 974-6977.

PASSWORD INCIDENT On March 7, UCO sent a letter to its community about a potential compromise of its UCONNECT Web page. Technicians found that a limited number of user accounts recently experienced unauthorized password changes.

Users were notified if their account had a password reset. UCO administrators stated they had no evidence an unauthorized user retrieved and was misusing personal identity information.

Administrators stated it appeared the UCO database had not been compromised, but they were concerned that with access to UCONNECT an unauthorized user could view alternate email addresses, financial aid records, grades and other information. Victims' UCO email accounts may have been accessed.

Johnson said the incidents are not related.

[email protected] -- 341-2121, ext. 108 ___ (c)2014 The Edmond Sun (Edmond, Okla.) Visit The Edmond Sun (Edmond, Okla.) at www.edmondsun.com Distributed by MCT Information Services

[ Back To TMCnet.com's Homepage ]