If you attended the University of Massachusetts Amherst between 1982 and 2002, your records might be among those involved in a data breach that occurred last fall.
UMass announced August 5 there was a security breach between September 15 and October 27, 2008 in which a single server was penetrated. The server contained the names, Social Security numbers and some credit card information of students attending the university during the 20-year period, and a few who attended the university before 1982.
There has been no word yet about how many student records were compromised, but given that there are currently more than 25,000 undergraduate and graduate students attending the university, the breach is almost certain to have affected tens of thousands of current and former students.
UMass officials were aware the server had been compromised, and hired computer forensics company, Stroz Friedberg, in May of this year. The notification was delayed until forensic investigators could determine the extent of the records stored on the server, according to Patrick J. Callahan, a spokesman for the university.
The recent break-in occurred just five months after hackers attacked the UMass Amherst Health Services computer system in April 2008. The university never revealed the number of student records compromised in that attack, but is known that more that half the university’s student population have been patients at the University Health Services center.
University officials said they were examining the entire computer system after the Health Services security lapse to prevent future incidents.
The university posted notification of last fall’s data breach on their website. Within the Frequently Asked Questions section is a statement that the forensics experts hired by the university recommended “better security training for system administrators; automated software to detect malicious activity; increasing efforts to identify all computers that contain personal information, and retaining network data for longer periods to better assess incidents.”