System workers’ database hacked

No identity theft has been reported yet by the 9,000 current employees affected.
Wednesday, May 9, 2007 | 12:00 a.m. CDT; updated 9:59 a.m. CDT, Sunday, July 20, 2008

A hacker broke into a University of Missouri System database last Thursday and Friday, stealing information that included the names and Social Security numbers of more than 22,000 current and former system employees.

Employees working at all of the system’s four campuses in 2004 were affected.

“We have had no reports of identity theft arising from this incident,” said UM System spokesman Scott Charton. “However, we are moving aggressively to spread the word about the break-in in our computer system to try to head off any problem.”

About 9,000 current UM employees are affected by the security breach. Charton said the information was contained in a report compiled in 2004. Last year, former UM System President Elson Floyd ordered that all employee Social Security information be removed from online databases to prevent such attacks. Charton said there is an ongoing effort to comply with the order, but the 2004 report was overlooked.

A hot line set up by MU was deluged with nearly 1,000 calls seeking information Tuesday, Charton said. The university plans to have additional lines set up and more operators on hand today. The hot line may be called toll free between 8 a.m. and 5 p.m., Monday through Friday, at 866-241-5619. The local number in Columbia is 884-7222.

Records show the first entry into the system came from an IP address in China early Thursday morning. University technicians noticed irregularities in a computer application and initially believed there was a problem within the application. They purged the report and reported the incident to MU police as soon as they recognized the problem Friday, Charton said. MU police are cooperating with the FBI.

Gary Allen, the university’s vice president for information technology, sent an e-mail to university employees Tuesday morning notifying them of the breach. An additional e-mail was sent to those employees affected. In the e-mail, Allen encouraged employees to place a flag on their credit reports that would alert creditors of possible fraud. He also suggested employees check their credit reports and report any suspicious activity to the Missouri Attorney General’s identity theft hot line, (800) 392-8222.

A similar computer security breach happened at MU last January when a hacker broke into university Web sites and altered them. Officials warned that the hacker may have accessed personal information such as addresses, passwords and Social Security numbers. The hacker gained access through an outdated Web-based program the university used to manage and process research proposals. The university disabled the software after the incident.

Although such incidents are uncommon for an organization such as the UM System, Charton said, many large organizations are subject to thousands of attempts by would-be hackers daily.

“This is not anything new,” Charton said. “In any large organization, you’re constantly reviewing your security precautions.”

Like what you see here? Become a member.

Show Me the Errors (What's this?)

Report corrections or additions here. Leave comments below here.

You must be logged in to participate in the Show Me the Errors contest.


Megan Boyer May 9, 2007 | 8:47 a.m.

It's stunning to read the following quote:
"...we are moving aggressively to spread the word about the break-in in our computer system to try to head off any problem."
A co-worker and I spent some time compiling a list of all the people we knew who met the criteria for being at risk who no longer worked at the university. Our friends and former coworkers had not been contacted and when they called the 1-800 number provided in the email (and they called during business), they were told (via voicemail) to call back during business hours. My brother, who left the university only weeks ago, was told they had “no way of finding his contact information” even though he was required to leave forwarding information with HR.
If you know anyone who may be affected by this security breech who is no longer working for the UM system, please let them know they might be at risk!

(Report Comment)
Seth Myers May 10, 2007 | 5:12 p.m.

Obviously the University is looking for the cheapest way to notify people - using PR.

(Report Comment)

Leave a comment

Speak up and join the conversation! Make sure to follow the guidelines outlined below and register with our site. You must be logged in to comment. (Our full comment policy is here.)

  • Don't use obscene, profane or vulgar language.
  • Don't use language that makes personal attacks on fellow commenters or discriminates based on race, religion, gender or ethnicity.
  • Use your real first and last name when registering on the website. It will be published with every comment. (Read why we ask for that here.)
  • Don’t solicit or promote businesses.

We are not able to monitor every comment that comes through. If you see something objectionable, please click the "Report comment" link.

You must be logged in to comment.

Forget your password?

Don't have an account? Register here.