A hacker broke into a University of Missouri System database last Thursday and Friday, stealing information that included the names and Social Security numbers of more than 22,000 current and former system employees.
Employees working at all of the system’s four campuses in 2004 were affected.
“We have had no reports of identity theft arising from this incident,” said UM System spokesman Scott Charton. “However, we are moving aggressively to spread the word about the break-in in our computer system to try to head off any problem.”
About 9,000 current UM employees are affected by the security breach. Charton said the information was contained in a report compiled in 2004. Last year, former UM System President Elson Floyd ordered that all employee Social Security information be removed from online databases to prevent such attacks. Charton said there is an ongoing effort to comply with the order, but the 2004 report was overlooked.
A hot line set up by MU was deluged with nearly 1,000 calls seeking information Tuesday, Charton said. The university plans to have additional lines set up and more operators on hand today. The hot line may be called toll free between 8 a.m. and 5 p.m., Monday through Friday, at 866-241-5619. The local number in Columbia is 884-7222.
Records show the first entry into the system came from an IP address in China early Thursday morning. University technicians noticed irregularities in a computer application and initially believed there was a problem within the application. They purged the report and reported the incident to MU police as soon as they recognized the problem Friday, Charton said. MU police are cooperating with the FBI.
Gary Allen, the university’s vice president for information technology, sent an e-mail to university employees Tuesday morning notifying them of the breach. An additional e-mail was sent to those employees affected. In the e-mail, Allen encouraged employees to place a flag on their credit reports that would alert creditors of possible fraud. He also suggested employees check their credit reports and report any suspicious activity to the Missouri Attorney General’s identity theft hot line, (800) 392-8222.
A similar computer security breach happened at MU last January when a hacker broke into university Web sites and altered them. Officials warned that the hacker may have accessed personal information such as addresses, passwords and Social Security numbers. The hacker gained access through an outdated Web-based program the university used to manage and process research proposals. The university disabled the software after the incident.
Although such incidents are uncommon for an organization such as the UM System, Charton said, many large organizations are subject to thousands of attempts by would-be hackers daily.
“This is not anything new,” Charton said. “In any large organization, you’re constantly reviewing your security precautions.”