Stanley A Miller II
August 10, 2011
Milwaukee Journal Sentinel
A computer system at the University of Wisconsin-Milwaukee was hacked and bugged with malicious software, potentially exposing the names and Social Security numbers of about 75,000 students, faculty and staff, the school announced Wednesday.
UWM officials said, however, that investigators have no evidence that data was viewed or stolen, and the school is sending letters Wednesday to those potentially affected by the security breach.
“Talking to the forensic experts, we don’t believe the motive was identity theft,” said Tom Luljak, UWM’s vice chancellor for university relations. “We are a research institution with a significant number of projects under way. It is theorized that this may have been an attempt to look at work being done.”
The school’s technology staff discovered on May 25 that software allowing backdoor access into a UWM database was lurking on a system used for scanning and viewing documents. That system, Luljak said, is an image bank used by several departments for managing a variety of documents, including applications processing.
Luljak said the school isn’t sure how long the malicious software sat on the system before being discovered, but officials think it was for a “short period of time.” The malicious software was installed remotely, Luljack said, and the infected server was immediately shut down.
“We don’t believe anyone got access to the image bank,” Luljak said. “There is no evidence that the hackers actually looked at or retrieved any information.”
The school contacted local and federal law enforcement authorities soon afterward and discovered June 30 that a database had been exposed. Luljak said that although the data included names and Social Security numbers, it didn’t contain any financial data or academic information such as student grades.
“Because of the nature of the malware, our concern was it would provide access to other servers,” Luljak said. “We think it might have been more of a fishing operation.”
Luljak said it took time to determine the specifics of the security breach, noting the school’s experts worked “virtually around the clock.”
“Our responsibility, we believe, is to be completely transparent to those affected,” Luljack said.
The school has set up a website at www.computersecurity.uwm.edu with information about the security breach, as well as a hotline at (800) 349-8518.