Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Hacked University Server Puts 176,000 Individuals at Risk

Virginia Commonwealth University Hacked

A server at Virginia Commonwealth University, containing files with personal information on current and former VCU and VCU Health System faculty, staff, students and affiliates, was breached in October, during a two step attack. As a result, 176, 567 individuals may have been exposed to personal data theft.

Virginia Commonwealth University Hacked

A server at Virginia Commonwealth University, containing files with personal information on current and former VCU and VCU Health System faculty, staff, students and affiliates, was breached in October, during a two step attack. As a result, 176, 567 individuals may have been exposed to personal data theft.

Mark Willis, the CIO of VCU, said that on October 24, routine monitoring discovered suspicious files on one of the network devices. The server was taken offline and the vulnerabilities on it patched. Given that the server contained no personal or otherwise sensitive information; the incident was considered resolved, until five days later.

“Five days later, VCU’s continuing investigation revealed two unauthorized accounts had been created on a second server, which also was taken offline. Subsequent analysis showed the intruders had compromised this device through the first server. The intruders were on the server a short period of time and appeared to do nothing other than create the two accounts,” Willis noted in his notification letter.

This second server contained data on 176,567 individuals including a name or eID, Social Security Number and, in some cases, date of birth, contact information, and various programmatic or departmental information. The university can not say with complete certainty that the data wasn’t compromised, even though the likelihood is low. So, to play things safe, they issued a wide notification, and advice on monitoring personal information, including credit monitoring or acquiring identity protection services.

The university said they will not automatically grant everyone potentially impacted by the incident identity theft protection. “However, for the peace of mind of concerned students, employees and affiliates, the University will honor individual requests for these services,” the notification details explained.

More information on the incident can be found here.

Written By

Click to comment

Expert Insights

Related Content

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Cybercrime

A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...

Cybercrime

CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.

Cybercrime

Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...