Slashdot Mirror

← Back to Stories (view on slashdot.org)

CSU Chico Identities Compromised

Posted by Zonk on from the hack-the-cafeteria dept.

MisterFuRR writes "California State University Chico is the latest victim of Identity theft. Aparently one of their "Food Service" machines was cracked and used to distribute "games, files, and other media". An official response is available." From the article: "The names of 15,500 current students, 1,000 faculty, 1,500 staff and former students going back about five years were in a database that was potentially compromised. The files also included information on prospective students."

5 of 202 comments (clear)

  1. RTFA, they don't use SSNs anymore. by PornMaster · · Score: 2, Informative

    CSUC said it has implemented new security measures. One of them is to issue randomly assigned nine-digit identification numbers to students and staff, in place of Social Security numbers.

    --
    500GB of disk, 5TB of transfer, $5.95/mo
  2. RTFA (was Re:Food Service?) by hpulley · · Score: 4, Informative

    The summary above is not quite correct. The linked article actually states, "...someone had broken into a computer server at the university's housing and food service center last July", not a vending machine.

    --
    $#!^ happens, but why does it always have to happen to me???
  3. Re:Proof, yet again, that SSNs should not be used! by PhiltheeG · · Score: 2, Informative

    The SSN is required if you receive most types of financial aid, if you are getting reimbursed in somes way where taxation is involved, and a couple other legitimate instances.

    Part of the SSN is required to validate data for alumni against lists provided by subsidiaries of child companies owner or operated by larger companies like Seisint (LexusNexus).

    --
    -Phil
    Shoot questions, first ask later...
  4. Re:hmmm by garnetlion · · Score: 3, Informative

    No no no. Chico students are drunks. The stoners go upstate to CSU Humboldt.

  5. Re:might be giving them too much credit by FreeLinux · · Score: 3, Informative

    I've seen it many times. Someone leaves an IIS default install exposed to the world without sufficient patches. A script kiddie opens them up with an FTP exploit. They then create a directory that is invisible to all, including the administrator, and is impossible to remove with the OS(I thought that was interesting when I first saw it). They then start uploading warez and posting the ip on warez web sites.

    They haven't rooted the box, they just fill up the disk with warez because of unpatched holes in IIS FTP service. The disk space and bandwidth is owned but, nothing else.