July 5, 2006 1:15 PM PDT

Illinois university hit with security breach

Western Illinois University is notifying more than 180,000 people that their personal data is at risk after hackers entered its networks.

The university said it mailed the last of its notifications on Monday to people whose Social Security number, credit card account number and other sensitive information were on the student service servers in the security breach.

"The breach occurred on June 5 through our electronic student services system servers. They do frequent checks on their system and discovered the breach within hours after it occurred," said Darcie Shinberger, a spokeswoman for Western Illinois University.

The incident affects alumni and students who attended the institution between 1983 to the present, as well as 1,000 individuals who were there from 1978 to 1982. Anybody who purchased items online from the university's bookstore or who stayed at the university union hotel also may have had their data exposed, Shinberger said, but could not specify a date range.

The hacked servers house Western's electronic student services system, which is used to run the university's admissions Web site, financial aid, bookstore and hotel.

Western Illinois University distributed e-mail notices to those affected on June 15 and began following that up with mailings last week. It has not received any reports from its public safety office of individuals having their personal information compromised as a result of the incident, Shinberger said.

For the school to say it has no evidence that private information has been used to commit identity theft is disingenuous, said Avivah Litan, an analyst at research firm Gartner. Unless a school has taken an extensive review over an extended period, there's no sure way of determining whether the hackers have profited from the information, Litan said.

In addition, victims of identity theft will often turn to other sources to report the problem, such as their credit card companies or local police, before notifying the place where the breach occurred.

Following the incident, Western Illinois University, which serves 13,400 students and has an alumni base of 95,000, began installing new security measures. It is reviewing its policies for storing information and handling online credit card information.

The security breach is not the first for the university. A few years ago, a student broke into Western's computer system and began rifling through his or her own virtual records.

"We have never had anything of this magnitude. This is a first for us," Shinberger said. "There are always risks when doing business online."

Perhaps one of the strongest indicators of the level of security at U.S. universities is that even after a string of major breaches at such places as Ohio University, Notre Dame University and the University of Texas, hackers continue to find their way into college computer systems.

The pervasiveness of security breaches there stem, in part, from the way educational institutions are set up. Universities and colleges desire an exchange of ideas and information and, as a result, maintain relatively open networks. Security experts have noted that this situation may well be to blame for security breaches at institutions.

CNET News.com's Greg Sandoval contributed to this report.

See more CNET content tagged:
security breach, university, breach, institution, incident

8 comments

Join the conversation!
Add your comment
Strike 2....
Large Universities are the new target for computer hackers and quite frankly I am surprised it's taken so long. The amount of information that Universities collect is extraordinary. Just to apply to a University you must give them your Social Security number and other personal information, so who knows if all those applicants are also stored within the schools database. When you mix that with the often out of date securtiy practices it seems odd that only a few schools have reported intrusion.

At the same time, I am just a surprised that after being hacked a number of years ago, W. Illinois does not seem to take the necessary precautions to avoid it from happening again. They need to fix this headache all their alumni probably have and solve this data security problem. There are a number of simple ways to protect your personal information, here are a few choices...
<a class="jive-link-external" href="http://www.essentialsecurity.com/Documents/article16.htm" target="_newWindow">http://www.essentialsecurity.com/Documents/article16.htm</a>
Posted by Nkully86 (59 comments )
Reply Link Flag
Security 101
Nkully86, you're right with all the great minds housed together at Universities, you think that they'd be more apt to act on such threats and have better security on the school's databases - and don't forget about Vermont, Hawaii and others... Strike 6 by my count now.
Posted by marileev (292 comments )
Link Flag
Strike 2....
Large Universities are the new target for computer hackers and quite frankly I am surprised it's taken so long. The amount of information that Universities collect is extraordinary. Just to apply to a University you must give them your Social Security number and other personal information, so who knows if all those applicants are also stored within the schools database. When you mix that with the often out of date securtiy practices it seems odd that only a few schools have reported intrusion.

At the same time, I am just a surprised that after being hacked a number of years ago, W. Illinois does not seem to take the necessary precautions to avoid it from happening again. They need to fix this headache all their alumni probably have and solve this data security problem. There are a number of simple ways to protect your personal information, here are a few choices...
<a class="jive-link-external" href="http://www.essentialsecurity.com/Documents/article16.htm" target="_newWindow">http://www.essentialsecurity.com/Documents/article16.htm</a>
Posted by Nkully86 (59 comments )
Reply Link Flag
Security 101
Nkully86, you're right with all the great minds housed together at Universities, you think that they'd be more apt to act on such threats and have better security on the school's databases - and don't forget about Vermont, Hawaii and others... Strike 6 by my count now.
Posted by marileev (292 comments )
Link Flag
Street Value Of $18 Million
Illegal immigrant document peddlers will be able to sell the stolen SSNs on the street for at least $100 per number. The reason our government does not care about these breaches, indeed secretly supports them, is because they help ensure an uninterrupted supply of below market labor that as our fuhrer states, "Does work Americans can't or won't do".
Posted by CancerMan2 (74 comments )
Reply Link Flag
Utterly amazing...
How one can turn a story about potential identity theft into a personal attack against the President. You are a skilled political hack - I'll give you that much.
Posted by CVSoprano (8 comments )
Link Flag
Street Value Of $18 Million
Illegal immigrant document peddlers will be able to sell the stolen SSNs on the street for at least $100 per number. The reason our government does not care about these breaches, indeed secretly supports them, is because they help ensure an uninterrupted supply of below market labor that as our fuhrer states, "Does work Americans can't or won't do".
Posted by CancerMan2 (74 comments )
Reply Link Flag
Utterly amazing...
How one can turn a story about potential identity theft into a personal attack against the President. You are a skilled political hack - I'll give you that much.
Posted by CVSoprano (8 comments )
Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.