FOR IMMEDIATE RELEASE
Contact: Teresa Hendrix
Cal Poly Public Affairs
(805) 756-7266, 756-1511
Cal Poly Notifies 652 Students of Possible Data Breach
SAN LUIS OBISPO – Cal Poly has mailed letters to 652 students, fewer than four percent of the student body, notifying them of a computer problem that could affect them.
On July 23, Cal Poly discovered that a type of computer virus called a “worm” had infected a specialized computer. The computer is used to test data for the PolyCard, a student-identification card administered by Cal Poly Information Technology Services.
Since this worm can compromise a computer’s security, making it more vulnerable to access by unapproved parties, the machine was cleaned and its anti-virus software was updated to protect against future attacks by the worm and other viruses and threats, according to Jerry Hanley, Cal Poly’s chief information officer.
Although Cal Poly procedures allow for only “dummy” data – not actual student information – to be used during testing, one file containing real data was found on the server August 17 during a thorough inspection of the thousands of files on the machine, Hanley explained. The data included name, Social Security number, local and home addresses, and phone numbers for 652 Cal Poly students.
“While there is no indication that any of the private information was accessed during the two-month window in which the file was on the infected machine, and we have every reason to believe the probability of that is extremely low, we are sending notification letters consistent with California Civil Code,” Hanley said.
“We apologize to the students and have taken steps to repair the affected machine and safeguard it against any potential attack. We are also constantly evaluating new technology and other measures to enhance our computer security and protect information,” he added.
Students who do not receive a letter are not affected, Hanley emphasized. However, students with questions about the matter can contact the ITS department at (805) 756-2966.
There is also a university Web site with more information about this
topic, including a fact sheet, a copy of the letter and any updates, available
at:
http://www.afd.calpoly.edu/AFD/infosecurity/090304notification.htm.
A fact sheet about the matter is available online at:
http://www.afd.calpoly.edu/AFD/infosecurity/sb-1386-factsheet-090304.pdf
General background information on computer viruses and security is available online at:
SECURITY/FOCUS - Links to "A Polluted Internet" and "Infected
in Twenty
Minutes" under the heading "Columnists" and "Valuing
Secure Access to
Personal Information" under the link to "Foundations"
CERT - "Tech Tips" and "Articles" under "New
and Home Users" and link to
"Publications by CERT/CC Staff"
EDUCAUSE - Focuses on Security Issues in Higher Education:
http://www.educause.edu/security/
http://www.educause.edu/security/task-force.asp#publications
- # # # -
Editors please note: Two Cal Poly officials have set aside time to talk to the media today from 10 a.m. to 3 p.m. Media with questions about the technical computer aspects of this matter can call ITS User Support Services Director Craig Schultz at (805) 756-6117. Media with questions about Cal Poly’s response to the incident and computer security policies can contact Cal Poly Associate Vice President for Administration Vicki Stover at (805) 756-2171.