DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Central Connecticut State University server infected with Z-Bot; over 18,000 notified of incident

Posted on February 16, 2012 by Dissent

A statement linked from CCSU’s home page, dated today:

Central Connecticut State University officials have announced that a security breach in a CCSU Business Office computer exposed the Social Security Numbers of current and former faculty, staff, and student workers to potential misuse.

James Estrada, the University’s Chief Information Officer, says the computer was infected by a “Z-Bot” virus, a malicious software program that exposed the Social Security Numbers of 18,275 CCSU individuals to potential risk. No other information, such as name or home address, was exposed.

“After conducting a forensic analysis, we have been unable to determine if any data was stolen or used in an unauthorized manner – only that the data was vulnerable for eight days in early December,” Estrada asserts. “As soon as the virus was detected, we acted immediately to protect the data by taking the impacted computer off line.”

CCSU has alerted the campus to the incident and announced that the University is offering free identity protection services for up to two years through Debix, an independent company that specializes in protecting and restoring personal credit and identity information and has worked with many of the state’s colleges and universities on similar incidents.

The University is in the process of matching the SSNs with names and addresses. Those whose information may have been compromised are being notified by Debix about how to receive credit and identity theft protection.

In an email to the campus community this afternoon, President Miller writes, “I deeply regret any inconvenience or anxiety this incident may cause you and your family. All of us involved in responding to this incident understand how important one’s personal information is and how critical it is to safeguard it. I want to assure you that, in coordination with the Board of Regents System Office and our own Information Technology office, we are working to prevent any such future incidents.”

To help answer questions, CCSU has set up a special web page: www.ccsu.edu/FAQ.

From the FAQ:

The University learned on December 6, 2011, that a computer in CCSU’s Business Office was infected with a “Z-Bot” virus designed to relay information obtained from the computer. As soon as it was discovered, the computer was immediately disabled. Subsequent forensic analysis revealed that the data on the computer had been exposed for approximately 8 days. The forensic analysis could not determine whether any data had actually been compromised or misused. CCSU and the Board of Regents System Office, however, believe that the exposure warrants offering comprehensive credit/identity theft monitoring services to all those whose information was at risk.

[…]

We have determined at this point that 18,763 people were affected by this breach. That number may change as this information continues to be analyzed. To the best of our knowledge at this time, the list includes faculty, staff, student workers dating back to 1998.

Category: Breach IncidentsEducation SectorMalwareU.S.

Post navigation

← DHI Mortgage notifies loan applicants of server breach (Update 4)
More sites hacked and defaced by Saadi n Hax.r00t and pinoycyberarmy.com under attack →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • A militarily degraded Iran may turn to asymmetrical warfare – raising risk of proxy and cyber attacks
  • Pro-Russian hackers disrupt Dutch government websites ahead of NATO summit
  • Iran-Linked Threat Actors Leak Visitors and Athletes’ Data from Saudi Games
  • UK: Oxford City Council still investigating cyberattack from earlier this month
  • Steelmaker Nucor Says Hackers Stole Data in Recent Attack
  • People’s Republic of China cyber threat activity: Cyber Threat Bulletin
  • Ukrainian Web3 security auditing company Hacken suffered an attack that allowed a hacker to create 900 million HAI tokens
  • McLaren provides written notice to 743,131 patients after ransomware attack in July 2024
  • A state forensics lab was leaking its files. Getting it locked down involved a number of people.
  • CoinMarketCap Hacked, Scrambles to Remove Malicious Wallet Verification Popup

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Sky Views Personal Data as a Potential Weapon in IPTV Piracy War
  • Florida Used a Nationwide Surveillance Camera Network 250 Times To Aid in Immigration Arrests
  • Federal Court Strikes Down HIPAA Reproductive Health Care Privacy Rule
  • The Markup caught 4 more states sharing personal health data with Big Tech
  • Privacy in the Big Sky State: Montana’s Consumer Privacy Law Gets Amended
  • UK Passes Data Use and Access Regulation Bill
  • Officials defend Liberal bill that would force hospitals, banks, hotels to hand over data

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.