12-12-05

IT staff report computer intrusions

AMES, Iowa -- An intruder recently breached the security of two Iowa State University computers containing sensitive information.

One computer held approximately 2,500 encrypted credit card numbers of athletics department donors. ISU information technology staff who investigated the computer breaks-ins say the intruder could not have read the credit card numbers because they were encrypted.

The second computer was used for time card entry for several university departments and contained Social Security Numbers of more than 3,000 Iowa State staff. Technology staff believe it's unlikely that the intruder accessed the files with employees' information.

"Analysis of both computers indicates the intruder was not looking for personal data, but for space to distribute pirated movies," said Maury Hope, associate chief information officer in Information Technology Services.

Iowa State's IT staff removed intrusive software that had been installed on the computers and are tightening security measures on other computers to prevent similar breaches in the future, Hope said.

The 3,268 employees whose personal data was on the time card computer have been notified, Hope said. "Although we don't believe the intruder accessed personal data, we don't know that for certain. We've provided those employees with precautionary steps they can take, such as keeping an eye on their credit reports."

-30-