Hacker hits MU database - Personal info stored in computer system

A hacker broke into a University of Missouri system computer server last month and might have gained access to personal information, including Social Security numbers, of 1,220 researchers on four campuses.

The passwords used for the system by more than 2,500 people might have been compromised as well. The university has sent e-mails and registered letters to everyone affected.

"We have advised them to monitor their credit accounts and to be aware of the potential for any problem," said Scott Charton, a spokesman for the system. "We have had no reports of identify theft arising from this, but we want to be ultra cautious."

The compromised computer is the university's Research Board Grant Application System. Technicians have not identified the hacker, but an internal inquiry is under way to find the culprit's "footprints."

An off-campus computer monitoring system that scans the Internet for crimes first notified the university of the problem at 8:33 a.m. Jan. 16. The university's informational technology staff took the system off line an hour later. A more detailed examination showed the system was first hacked at 3:30 p.m. Jan. 14.

The affected system, which is still off line, serves as an electronic clearing house for researchers applying for grants and being paid for them. In the application and payroll process, personal information such as Social Security numbers is often included. In addition, some system users might have substituted their own personal computer passwords for the numeric password generated by the system.

In those cases, it might be possible for an unauthorized third party to gain access to personal information if the system user applied that same password to personal accounts as well as the grant application system.

"We have cautioned them if they are using that in their personal life, they should take steps to change the password or protect that password," Charton said.

A statement posted on the UM system's Web site said the breach occurred through the system's Web-based application that was developed several years ago and "did not have safeguards which current applications have to ward off increased threats from the Internet."

The statement also said those affected by the problem have been given instructions on how to monitor their credit reports for suspicious activity and how to address concerns about their password. The statement also said that those with questions about the breach should contact Sam Kanatzar, an assistant to UM's Research Board. Kanatzar directed questions to Charton this morning.

The problem in which personal information might have been disclosed affects 820 faculty members on the UM's systems four campuses, 76 former faculty members and 324 non-university personnel, mostly those who review grant applications, Charton said. In addition, the hacker might have seen 2,579 passwords.

Charton said the server affected is also used for competition for grants. He said the university was developing a new grant competition that will begin accepting applications in mid-February for a submission deadline of mid-March.

Boone County Sheriff's Detective Andy Anderson, who often investigates Internet crimes, said he was not familiar with the university's problem and could not comment on its specifics. However, Anderson said, it's not uncommon for hackers to attempt to exploit computer programs. "Most companies update their equipment to keep ahead of the problem," Anderson said.
At Dell, problems came bit by bit - Computer maker's trail of shortcomings made an overhaul necessary
CCU teams up to replicate past - Class plans to create computer models of ancient monuments
Clocks to spring forward earlier -- will computers be at risk
Companies find new ways to build computer security
Computer knack now a business - Proprietor's manner puts clientele at ease
Computers, more taken from Sedge Garden Elementary - 4 other school break-ins reported, 3 involving computer equipment
DMV computer link could raise voter pool - As Del. Melanie Rapp tries to clarify student voting rights, a DMV plan might help ease the Williamsburg flap
Entrepreneur's venture helps protect computers
Ex-computer programmer 1st-month leader - Hypothetical portfolio up 25%
Grant takes history into high tech - Museum adding computers, hoping for younger volunteers
Hacker hits MU database - Personal info stored in computer system
Myriad computers around the world join to solve problems piece by piece
On the road with the 'Geeks' - Helping hapless computer owners
Special effects without computers
State computers need upgrade - With better citizen services in mind, Pawlenty seeks $213 million
Students begin computer program - 20 disadvantaged middle schoolers can earn PCs
Union Bank to set up independent computer system - The system will cost an estimated $40-50 million and take three years to install
Warren-based computer chain opens fifth Michigan outlet