DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

UConn Discloses Data Breach at School of Engineering

Posted on July 31, 2015 by Dissent

The University is responding to a criminal cyberintrusion through which hackers apparently originating in China gained access to servers at UConn’s School of Engineering. UConn has implemented a combination of measures intended to further protect the University from cyberattack, and to assist individuals and research partners whose data may have been exposed.

UConn IT security professionals, working with outside specialists, have no direct evidence that any data was removed from the School of Engineering’s servers. However the University is proceeding from an abundance of caution by notifying roughly 200 research sponsors in government and private industry, as well as working to determine how many individuals need to be notified about a potential compromise of personal information.

“UConn places the highest priority on maintaining the security and integrity of its information technology systems,” said Michael Mundrane, Vice Provost and Chief Information Officer at UConn. “That’s why, in addition to assisting individuals and research partners in responding to this incident, we’re taking steps to further secure our systems.”

The security breach was first detected by IT staffers at the School of Engineering on March 9, 2015, when they found malicious software, or “malware,” on a number of servers that are part of the school’s technical infrastructure.

The School of Engineering immediately notified faculty, staff, students, visitors, and emeriti – as well as roughly 1,800 users of the Lync instant communication tool used across the University at the time – that their log-in credentials had potentially been compromised, and recommended that those individuals change their passwords.

The University’s Information Security Office, in collaboration with School of Engineering staff and Dell SecureWorks, worked to identify the extent of the breach, secure the affected systems, and prepare a comprehensive review and response.

As a result of that process, this week the University began notifying research partners in government and private industry about the breach. Although the University has no evidence that any data was taken from the servers, or “exfiltrated,” the notifications are part of an appropriate, prudent response.

As part of the ongoing process of analyzing the extent of the attack, the University believes that personally identifiable information of consumers may have also been compromised.  Those individuals whose sensitive information (such as Social Security numbers or credit card information) is determined to have potentially been compromised will be notified and provided with the option to enroll in identity protection services.

“The unfortunate reality is that these types of attacks are becoming more and more common,” Mundrane said, “which requires us to be even more vigilant in protecting our University community.”

SOURCE: University of Connecticut

Related:  From their FAQ on Incident:

 

What did the investigation reveal?

Based on analysis done both internally by the University and by Dell SecureWorks, it was determined that the first penetration of a server on the School of Engineering network occurred on Sept. 24, 2013, with further penetration of the system occurring after that date. Although the University has no direct evidence that any data was exfiltrated, it is proceeding as if that were the case by notifying individuals with personal information that could have been compromised, as well as research partners outside the University.

 


Related:

  • Missouri Adopts New Data Breach Notice Law
  • Qantas obtains injunction to prevent hacked data’s release
  • Ransomware attack disrupts Korea's largest guarantee insurer
  • Theft from Glasgow’s Queen Elizabeth University Hospital sparks probe
  • Global operation targets NoName057(16) pro-Russian cybercrime network in Operation Eastwood
  • More than 100 British government personnel exposed by Ministry of Defence data leak
Category: Education SectorHack

Post navigation

← Stolen Consumer Data Is a Smaller Problem Than It Seems?
CT: Advanced Radiology Consulting, LLC notifies patients of breach →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Hungarian police arrest suspect in cyberattacks on independent media
  • Two more entities have folded after ransomware attacks
  • British institutions to be banned from paying ransoms to Russian hackers
  • Data breach feared after cyberattack on AMEOS hospitals in Germany
  • Microsoft Releases Urgent Patch for SharePoint RCE Flaw Exploited in Ongoing Cyber Attacks
  • Global hack on Microsoft product hits U.S., state agencies, researchers say
  • Inquiry launched after identities of SAS soldiers leaked in fresh data breach
  • UK sanctions Russian cyber spies accused of facilitating murders
  • Michigan ‘ATM jackpotting’: Florida men allegedly forced machines to dispense $107K
  • Premier Health Partners issues a press release about a breach two years ago. Why was this needed now?

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • British government reportedlu set to back down on secret iCloud backdoor after US pressure
  • Idaho agrees not to prosecute doctors for out-of-state abortion referrals
  • As companies race to add AI, terms of service changes are going to freak a lot of people out. Think twice before granting consent!
  • Uganda orders Google to register as a data-controller within 30 days after landmark privacy ruling
  • Meta investors, Zuckerberg reach settlement to end $8 billion trial over Facebook privacy violations
  • ICE is gaining access to trove of Medicaid records, adding new peril for immigrants
  • Microsoft can’t protect French data from US government access

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.
Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report