Blog of Tushar Phadke

A hacker has broken into the computer system at the University of Missouri and gained access to a database containing more than 20,000 personal details.

The attacker used a web page designed to deal with IT help desk queries to access the information.

Names and Social Security numbers of 22,396 individuals who were employees and students at the university during 2004 were accessed during the attack.

IT staff at the university discovered the breach on 4 May, following unusual activity the previous day. The attack was traced to two IP addresses in China and Australia.

“University of Missouri technicians identified a large series of errors caused by faulty queries to an application and an associated database,” said a university statement.

“These errors were first assumed to be caused by a problem with a system used to track computer help desk repair calls using the same database.”

Technicians disabled the account being used to access the database and the vulnerable web application is no longer available online.

University officials said that they are working closely with law enforcement officials and the FBI to investigate the event.

“The University of Missouri takes this breach very seriously and is working to alert the individuals whose information was improperly accessed, including instructions about how they may monitor their credit reports for suspicious activity,” said the statement.

“The university will continue to work diligently to secure confidential data held in its computer systems.”