DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

UConn Discloses Data Breach at School of Engineering

Posted on July 31, 2015 by Dissent

The University is responding to a criminal cyberintrusion through which hackers apparently originating in China gained access to servers at UConn’s School of Engineering. UConn has implemented a combination of measures intended to further protect the University from cyberattack, and to assist individuals and research partners whose data may have been exposed.

UConn IT security professionals, working with outside specialists, have no direct evidence that any data was removed from the School of Engineering’s servers. However the University is proceeding from an abundance of caution by notifying roughly 200 research sponsors in government and private industry, as well as working to determine how many individuals need to be notified about a potential compromise of personal information.

“UConn places the highest priority on maintaining the security and integrity of its information technology systems,” said Michael Mundrane, Vice Provost and Chief Information Officer at UConn. “That’s why, in addition to assisting individuals and research partners in responding to this incident, we’re taking steps to further secure our systems.”

The security breach was first detected by IT staffers at the School of Engineering on March 9, 2015, when they found malicious software, or “malware,” on a number of servers that are part of the school’s technical infrastructure.

The School of Engineering immediately notified faculty, staff, students, visitors, and emeriti – as well as roughly 1,800 users of the Lync instant communication tool used across the University at the time – that their log-in credentials had potentially been compromised, and recommended that those individuals change their passwords.

The University’s Information Security Office, in collaboration with School of Engineering staff and Dell SecureWorks, worked to identify the extent of the breach, secure the affected systems, and prepare a comprehensive review and response.

As a result of that process, this week the University began notifying research partners in government and private industry about the breach. Although the University has no evidence that any data was taken from the servers, or “exfiltrated,” the notifications are part of an appropriate, prudent response.

As part of the ongoing process of analyzing the extent of the attack, the University believes that personally identifiable information of consumers may have also been compromised.  Those individuals whose sensitive information (such as Social Security numbers or credit card information) is determined to have potentially been compromised will be notified and provided with the option to enroll in identity protection services.

“The unfortunate reality is that these types of attacks are becoming more and more common,” Mundrane said, “which requires us to be even more vigilant in protecting our University community.”

SOURCE: University of Connecticut

Related:  From their FAQ on Incident:

 

What did the investigation reveal?

Based on analysis done both internally by the University and by Dell SecureWorks, it was determined that the first penetration of a server on the School of Engineering network occurred on Sept. 24, 2013, with further penetration of the system occurring after that date. Although the University has no direct evidence that any data was exfiltrated, it is proceeding as if that were the case by notifying individuals with personal information that could have been compromised, as well as research partners outside the University.

 

Related posts:

  • Penn State College of Engineering hacked; China suspected in at least one attack (updated)
  • Kept in the Dark — Meet the Hired Guns Who Make Sure School Cyberattacks Stay Hidden
Category: Education SectorHack

Post navigation

← Stolen Consumer Data Is a Smaller Problem Than It Seems?
CT: Advanced Radiology Consulting, LLC notifies patients of breach →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Mississippi Law Firm Sues Cyber Insurer Over Coverage for Scam
  • Ukrainian Hackers Wipe 47TB of Data from Top Russian Military Drone Supplier
  • Computer Whiz Gets Suspended Sentence over 2019 Revenue Agency Data Breach
  • Ministry of Defence data breach timeline
  • Hackers Can Remotely Trigger the Brakes on American Trains and the Problem Has Been Ignored for Years
  • Ransomware in Italy, strike at the Diskstation gang: hacker group leader arrested in Milan
  • A year after cyber attack, Columbus could invest $23M in cybersecurity upgrades
  • Gravity Forms Breach Hits 1M WordPress Sites
  • Stormous claims to have protected health info on 600,000 patients of North Country Healthcare. The patient data appears fake. (2)
  • Back from the Brink: District Court Clears Air Regarding Individualized Damages Assessment in Data Breach Cases

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The EU’s Plan To Ban Private Messaging Could Have a Global Impact (Plus: What To Do About It)
  • A Balancing Act: Privacy Issues And Responding to A Federal Subpoena Investigating Transgender Care
  • Here’s What a Reproductive Police State Looks Like
  • Meta investors, Zuckerberg to square off at $8 billion trial over alleged privacy violations
  • Australian law is now clearer about clinicians’ discretion to tell our patients’ relatives about their genetic risk
  • The ICO’s AI and biometrics strategy
  • Trump Border Czar Boasts ICE Can ‘Briefly Detain’ People Based On ‘Physical Appearance’

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.