UGA has discovered it recently was the victim of computer hackers who circumvented computer security to gain illegal access into a campus server. The university has notified state officials, who are participating in the ongoing investigation. While nothing may come of this, there are potentially serious implications.
The university took the server off-line immediately upon learning of the breach.
“Our investigation thus far reveals that the system was used to probe a number of other computers in this nation and abroad,” says Stan Gatewood, UGA’s chief information security officer. “The hacker also had opportunity to access files residing on that server.”
Early indications are the files include information submitted by applicants for admission since fall 2002. The university is not certain at this time whether any applicant files were accessed by the intruders. The investigation is ongoing. As individual applicants with information in the affected files are identified, they will be notified. The files may contain sensitive identity information such as Social Security and credit card numbers.
Affected individuals should take appropriate steps to guard against identity theft and credit card fraud by following guidelines outlined on these Web sites: www.consumer.gov/idtheft or www.stopidentitytheft.org.
“The very nature of higher education environments is to support openness, that is, the free flow of information and ideas,” Gatewood also says. “Sadly, this openness makes us a target-rich environment. The affected server had appropriate and up-to-date security in place, yet it was still breached.”
“We sincerely regret that this happened. Our first concern is that personal data may have been accessed,” says UGA Provost Arnett C. Mace. “At this time, we do not believe that any academic data used to evaluate applicants has been compromised.”
The university has established a Web site at www.uga.edu/fraudconcerns.html to provide comprehensive information on this incident. The site will be updated as new information is available.