Oklahoma State University Parking Services Server Compromised
Personal information belonging to anybody who got a parking pass at Oklahoma State University (OSU) over the last five years has been compromised, university officials said Wednesday. Oklahoma State University has discovered that a server under the control of OSU Parking and Transit Services had been accessed from another country without authorization. The database contained confidential information, specifically the names, addresses and Social Security numbers of OSU faculty, staff and students who had purchased a parking permit between July 2002 and March 2008. The server is believed to have been compromised on November 23, 2007. OSU learned of the breech on March 20, 2008 and blocked access to the server.
Upon discovering this intrusion, the IT Information Security Office immediately removed the server from the network to evaluate server activity to ascertain if personal information had been accessed. The illegal access was limited to the parking and transit server and currently the confidential information has been removed from the database.
OSU contacted and worked with federal law enforcement authorities and as a result of its investigation, OSU believes the intruder’s purpose and only action was to use the OSU server for storage capacity and bandwidth to upload and distribute illegal or inappropriate content.
After evaluation of all available data related to this incident, OSU found no evidence which would indicate that the database was copied or viewed by the hacker. At this point, OSU cannot say with 100 percent certainty that the hacker did not access personally identifiable information.
The OSU Parking Department has altered their procedures for the collection of private information. Additionally, the server which was located at the OSU Parking Service’s office will be relocated to the IT Data Center for enhanced security. OSU is conducting a full review and will be taking additional steps to protect our network from unauthorized access.
More on CyberInsecure:
Leave a Reply
Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.