A site reader alerted DataBreaches.net to a recent breach involving the Department of Chemistry at University of Wisconsin-Madison recently. According to the notification letter, a copy of which was provided to this site, the university notified some faculty and students that their personal information was on 40 departmental computers that had been hacked.
In a letter dated October 12 that was signed by Robert J. Hamers, department chairperson, and Ronald D. Kraemer, CIO and Vice Provost for Information Technology, those affected were informed that on August 31, the university realized that the computers had been targeted by hackers, who were reportedly using the system for distributing movies, music, television shows, and copies of software. Although most of the affected computers had reportedly been compromised within the past 18 months, one computer was found to have been compromised as early as December 2001. According to a a university spokesperson who responded to an inquiry from this site, the university first became aware of the compromised computers after new network monitoring hardware had been installed.
Since discovery of the compromise, the university has taken steps to harden its security, including redirecting anti-virus activity messages to a central location for monitoring, increasing network monitoring, and putting all department operations behind a firewall.
According to the university spokesperson, the university has sent 2,920 letters to faculty members and students whose names and Social Security numbers were in files on the computers, although the university does not believe that any of the files were accessed and that the hackers were only using the computers to share files.