UD Home | UDaily | UDaily-Alumni | UDaily-Parents


HIGHLIGHTS
UD called 'epicenter' of 2008 presidential race

Refreshed look for 'UDaily'

Fire safety training held for Residence Life staff

New Enrollment Services Building open for business

UD Outdoor Pool encourages kids to do summer reading

UD in the News

UD alumnus Biden selected as vice presidential candidate

Top Obama and McCain strategists are UD alums

Campanella named alumni relations director

Alum trains elephants at Busch Gardens

Police investigate robbery of student

UD delegation promotes basketball in India

Students showcase summer service-learning projects

First UD McNair Ph.D. delivers keynote address

Research symposium spotlights undergraduates

Steiner named associate provost for interdisciplinary research initiatives

More news on UDaily

Subscribe to UDaily's email services


UDaily is produced by the Office of Public Relations
The Academy Building
105 East Main St.
Newark, DE 19716-2701
(302) 831-2791

Two security breaches addressed

2:03 p.m., Nov. 23, 2005--Two recent security breaches of computers at the University of Delaware have resulted in the possible exposure of names and Social Security Numbers that were stored in databases on the computers.

All those individuals whose personal information may have been compromised have been sent letters informing them of the breach and sharing information on how to combat identity theft.

A School of Education computer was attacked in late August by a hacker whose intent appears to have been to establish an illegal movie sharing system. The computer contained a database that included Social Security Numbers of 772 students registered in online education courses.

A Department of English computer was hacked in August in an apparent attempt to log onto and control one server and thereby gain control over other campus servers. This computer contained Social Security Numbers of 180 individuals who have taught in the department, including faculty, supplemental faculty and graduate assistants.

In both of these unrelated cases, the primary objective of the intruder seems to be unrelated to the fact the databases contained personal information, according to Karl D. Hassler, associate director for Information Technologies—Network and Systems Services. To date, there has been no indication that any identity theft has occurred as a result of these incidents, he said.

It is UD policy to notify individuals that their personal information may have been compromised following such incidents. Since the incidents, additional safeguards have been put in place, and Social Security Numbers have been removed from both servers.

Individuals with concerns about identity theft may visit a special web site prepared by Information Technologies at [www.udel.edu/security/identitytheft.html].

UD’s Office of Information Technologies recently completed a campaign, launched in fall 2004, to help campus departments protect sensitive personal nonpublic information (PNPI), such as Social Security and credit card numbers. Specialists from Information Technologies-User Services have visited every University department to discuss and provide advice about proper security for stored PNPI. They also have stressed collecting such information only when required and reiterated the responsibility of each employee to follow UD policy, Delaware laws and federal laws and regulations for the processing and safekeeping of confidential, personal information.

“We are continuing to help departments develop more secure business processes and to make sure each department understands that it is responsible for assuring compliance with the Family Educational Rights and Privacy Act (FERPA) and other laws that govern the use of PNPI,” Susan Foster, vice president for information technologies, said.

"The University has moved away from using Social Security Numbers as identifiers, but the problem is how to ensure that such information is removed from older databases that University departments and units may have set up in the past," Foster said. "Part of the reason for the outreach to every department was so that we could raise those kinds of questions with responsible persons in each unit and ask, 'Is there anywhere else you may have stored such information?'"

Information Technologies has posted guidelines aimed at helping departments secure PNPI and make sure they are in compliance with the University policy and the law. Those can be found at [www.udel.edu/ssn/guid.html].

The guidelines direct departments to ensure the privacy of PNPI by encrypting electronic transmissions, not storing PNPI locally and protecting PNPI when working from home or outside the University.

Members of the University community with questions about uses of PNPI should call the Information Technologies Help Center at (302) 831-6000 or send email to [consult@udel.edu].

Additional information is available at these sites:

Protecting Personal Non-Public Information [www.udel.edu/ssn/]

UD Computer Security [www.udel.edu/security/]

Responsible Computing: A Manual for Staff [www.udel.edu/ecce/staff.htm]

  E-mail this article

To learn how to subscribe to UDaily, click here.