A hacked server that is. The system was broken into on Oct. 26, 2003, most likely during a broad Internet attack, according to a notice posted on the university’s Web site. The break-in went unnoticed until earlier this month.
In the attack, an attempt was made to install a backdoor on the server. That attempt failed, according to the university. The attack was possible because of a software flaw for which a patch was unavailable at the time. There is no evidence indicating that any attacker actually accessed data on the server, the university said.
The server has held personal information including social security numbers and campus addresses on at most 72,000 students, faculty and staff, between the time of the break-in and its discovery, according to the university. All individuals whose data may have been exposed are being contacted.
Hard to believe that this system change went unnoticed for so long.
Unbelievable … at most 72,000 students, faculty and staff …