 

SECURITY ANNOUNCEMENT

Unauthorized Work Station Compromise

October 13, 2006

During the week of October 2, 2006, the workstation of a University employee was compromised by an unknown Internet hacker. The workstation contained social security numbers of students who lived in on-campus housing during the academic years 1998-2002 (not summer housing). The hacker took advantage of an older version of a Microsoft application called IIS that was used for a housing database. Sonoma is in the process of upgrading the application. Sonoma does not use IIS for its central web pages.

The University is attempting to notify those involved by mail and through statewide media. If you are among the group of students from 1998-2002 who lived in on-campus housing at Sonoma State University, please consider activating a free fraud-alert on your credit report (see contact information below).

Although it appears the hacker was only being mischievous (a hacker "calling card" was left), it is possible that the hacker could have accessed the information.

Sonoma has a policy that requires any file containing Personal Confidential Information to be encrypted. Sonoma is undergoing a technical process to ensure adherence to the policy.

Q: How many students were affected?
A:
Approximately 4,500.

Q: Why was I on the list of those affected by the break in?
A:
Some historical information was maintained on a desktop computer, which is the computer that was compromised.

Q: What types of information were on the computer?
A:
Names and social security numbers.

Q: What types of information were NOT on the computer?
A:
There was no information regarding financial aid (including student loans), student payment account information, student/parent credit card numbers, taxes, driver's license numbers, banking information, loans or direct deposit, transcripts or grades. There was no information about campus employees.

Q: Why weren't the work stations and the information more secure?
A:
Sonoma State University operates its information systems with the highest level of security. Unfortunately, in a high-tech world, some find it a challenge to try to "break in" to computers to which they do not have access. Sonoma uses state-of-the-art technology to monitor network activity and was able to discover this hacker very quickly.

Q: How safe is my personal information now on Sonoma State University's systems?
A:
The University is constantly reviewing systems and servers for any hint of a virus or other problem. As was the case in this instance, Information Technology pursues suspect activity to uncover the breach and immediately takes appropriate action. Sonoma has a policy that requires any file containing Personal Confidential Information to be encrypted. Sonoma is undergoing a technical process to ensure adherence to the policy.

Q: Why was SSU using social security numbers?
A:
SSU recognizes identity theft has become one of the fastest growing crimes in the nation and is making every effort to ensure that social security information is not unnecessarily used or exposed. We use alternate identification (such as an employee or student number) in most instances, but regulations from some agencies, such as federal loan programs, still require us to use social security numbers.

Q: What should I do to protect myself?
A:
Because each person’s situation is unique, we cannot recommend a specific course of action. One common action to take is to contact credit reporting agencies to initiate a fraud alert. Any one of the three agencies listed below may be contacted. The initial alerted agency will notify the other two. Each will mail credit reports to you at no cost. Once received, check carefully for unusual activity.

Other locations for information include:

Q: Will I be getting a call from the University?
A:
No. But please be aware of contact by people seeking confidential information, such as social security number and date of birth, who say they represent the University. Sonoma State University will not contact you by phone or other methods asking for private information unless it is in response to an inquiry from you.

Q: What is the University doing to help ensure a theft of this type does not occur again?
A:
Sonoma State University is committed to making data as secure as possible and is continually seeking ways to protect the private information of our students and employees. Our Information Technology Department is constantly reviewing systems and servers for break-ins, viruses or other problems (which was how the particular situation was detected). We are continually reviewing business practices regarding records retention to make sure we are taking advantage of current technology.

Q: Who should I contact for further information?
A:
Although we cannot provide information specific to individuals, we have provided the following toll-free number, 1-888-533-5388, to address any general questions that have not been covered above. Messages will be returned in the order received.

last updated: 8/8/05 10.25.2006