Security Breach on S:/
Jason Holloway
Issue date: 9/2/08 Section: News
On Tuesday, August 26, a non-malicious student intruder gained access to a restricted server and promptly reported the vulnerability to campus authorities. Approximately 245 employees and former employees had personal information, including name, social security number, and date of birth, compromised during the security breach. The file containing personal information was a record of employees that had university credit cards known as purchase cards (or p-cards). Any university member requesting a p-card must provide their social security number and date of birth on the application form. Following the incident on Tuesday, all affected individuals were contacted and briefed on the situation.
The shared server was only available on the Clarkson network and was not available to the general public. Following the breach a full investigation was launched with forensic computing to determine all users who had accessed the S drive during the vulnerability. The only unauthorized access to the personal information was made by the student who found the vulnerability. On Monday, August 25, routine work was being performed on the S drive causing access privileges to be reset to default values, allowing anyone with an active directory user account access to the server.
The Integrator talked with President Collins and Kelly Chezum, the Assistant to the President for Strategic Advancement, concerning the unauthorized access. President Collins said that because of "fast thinking, [we were] able to track everything" and that access was limited to one individual. Chezum reported that as an affected individual she "feel[s] pretty confident my personal information is fine."
The shared server was only available on the Clarkson network and was not available to the general public. Following the breach a full investigation was launched with forensic computing to determine all users who had accessed the S drive during the vulnerability. The only unauthorized access to the personal information was made by the student who found the vulnerability. On Monday, August 25, routine work was being performed on the S drive causing access privileges to be reset to default values, allowing anyone with an active directory user account access to the server.
The Integrator talked with President Collins and Kelly Chezum, the Assistant to the President for Strategic Advancement, concerning the unauthorized access. President Collins said that because of "fast thinking, [we were] able to track everything" and that access was limited to one individual. Chezum reported that as an affected individual she "feel[s] pretty confident my personal information is fine."
Viewing Comments 1 - 10 of 15
Caroline Mckinsey
posted 5/22/09 @ 10:29 AM EST
I like articles like this. Great Article! Thanks!
Maria Lovinger
posted 5/22/09 @ 4:09 PM EST
Great article. I agree totally.
Andrea Loughlin
posted 6/20/09 @ 8:46 AM EST
A friend of mine directed me here and I wanted to comment and thank you for all your hard work.
Eleanor Hearne
posted 6/20/09 @ 10:52 AM EST
Good information. Thanks for the post.
Andrea Loughlin
posted 6/22/09 @ 5:34 AM EST
A friend of mine directed me here and I wanted to comment and thank you for all your hard work.
Menter Bury
posted 6/22/09 @ 2:31 PM EST
I have read all your article. They good.
Eleanor Hearne
posted 6/23/09 @ 7:34 AM EST
Good information. Thanks for the post.
Katherine Waite
posted 7/04/09 @ 4:56 AM EST
Good scene, interesting post, thanks.
dasd
posted 9/18/09 @ 7:49 PM EST
dasdasd
MBT Shoes sale
posted 12/21/09 @ 7:51 PM EST
MBT Anti Shoes –Keep Health
Atasale.com is not only offer NBA Basketball Shoes, he also support MBT shoes, which is the world's smallest gym. MBT Shoes, Stand for Masai Barefoot Technology! MBT anti shoes have special multi-layered soles that are designed to change the way you walk, so you workout your entire body while you wear them. (Continued…)
Post a Comment