More than 22,000 current and former University of Missouri-Columbia students are the potential victims of identity theft after a malicious hack attack last week. How the hackers broke into the server is interesting. As noted in Computerworld, the attack came by way of a web form used to track the status of helpdesk queries.
IT staffers noticed unusual activity that began around 5:30 a.m. CDT last Thursday, then tied a large number of database query errors to the problem on Friday. Logs showed that the attacks ended at 9:34 a.m. Friday. That day, technicians disabled the account used to access the database from one IP address in China and another in Australia. The FBI was alerted on Monday.
“The hacker was able to reach the information by making thousands of queries over a span of hours, allowing the identities to be exposed one at a time,” the university reported.
Thanks to Wired Campus for the Computerworld link.
Andy writes! 
Do you suppose part of this problem is the fact that – at least in my higher ed experiences – that computer systems are a bit more open, and often run by volunteers &/or unpaid interns?
Hola, Dean. Nice to see you stopping by over here. I think the issue ha more to do with simply trying to manage data from “legacy” computer systems as universities and other organizations move into newer systems. As the Computerworld article noted, the hacked records “had been compiled for a report, but were overlooked rather than deleted.” Then again, maybe they were overlooked because of staffing issues (i.e., lack of adequate staffing and/or student staffing).
A follow-up story from this morning’s Columbia Missourian: Data theft may cause long-term problems.