Bob Connors reports:
UConn is warning thousands of customers who bought items on it’s
HuskiesDirect.comHuskyDirect.com website that their personal information may have been exposed in a data security breach.A hacker obtained access to the
HuskiesDirect.comHuskyDirect.com database containing billing information for 18,000 customers. The website is used by people to buy sports gear from the UConn Co-op.The information at risk includes customers’ names, addresses, email, telephone number, credit card number, expiration date and security code, according to the university.
The database is run by an outside vendor, which contacted the Co-op about the security breach. It is still unclear how many accounts were actually accessed, UConn said in a release.
Read more on NBC.
I can find no link to any breach notice from UConn’s home page. An internal page on the UConn site for the Co-Op provides only this statement:
HuskyDirect.Com site is currently offline
We apologize for any inconvenience while we perform critical system maintenance on our website. We hope to have it back online as soon as possible.
While HuskyDirect.com does appear to be offline since January 7, HuskiesDirect.com appears to be online, so I’m a bit confused as to whether the news story is correct in saying that the database for HuskiesDirect.com was hacked. HuskiesDirect.com does not have any information on how to contact them on their site (nor any privacy policy, for that matter!), and a whois lookup suggests that they are not part of the University of Connecticut. So for now, despite the media report, it looks like HuskyDirect.com was hacked, not HuskiesDirect.com. Stay tuned…
Update: Bob Connors replied to a note I sent him and confirmed that it is, indeed, HuskyDirect.com that got hacked and not HuskiesDirect.com. NBC appears to have corrected the error on NBC, although there’s no correction noted.