The University of Maine police department is investigating a data breach that has led to the exposure of personal and medical information of almost 5,000 students between the summer of 2002 and this past week.
According to a press release from the university, the breached servers stored information from the UMaine Counseling Center, which provides mental health services to the university's student population. The compromised database includes "names, social security numbers and clinical information relative to every student who engaged counseling center services between Aug. 8, 2002 and June 21 of this year." The university estimates that 4,585 students' information was exposed.
Any student or former student who used the Counseling Center during that time should assume that he or she is affected, according to the press release.
"There is no indication that data were viewed, compromised or downloaded from either of these servers, but we are operating according to a worst-case scenario," said Robert Dana, the UMaine vice president for student affairs. "In any case like this, identity theft must be a top concern and consequently we are taking strong measures to assist those whose information may have been exposed and to prevent further security intrusions."
The university began an investigation on June 16 after Counseling Center staff reported they were having difficulty accessing servers. The investigation revealed that a hacker or hackers had gained access as early as March 4 of this year to a server storing archived information from 2002 to 2005. Some time later he or she accessed a second server, which contained the Counseling Center's active database, according to the press release.
"The high-level safeguards we have in place routinely thwart these attempts, but they were not adequate in this case," Dana said. "This is a serious breach, and we are profoundly sorry that this has happened."
The university said in the release that police will not disclose the method the hackers used to access the servers in order to "preserve the integrity of the investigation." The university's department of public safety will be consulting with the U.S. Attorney's office and computer crimes experts from the U.S. Secret Service.
The university has hired a company to provide credit monitoring for students and former students who may have been affected by the data breach. The company, Debix, will watch those individuals' credit for fraudulent activity. The university will also be sending letters in early July to those affected, informing them how to access those services, which will be provided at no cost to them.

...become probabilities. This is a GREAT article despite the dismay of breaches. In David Scott’s words, everyone needs to be a mini-Security Officer today. I think Mr. Scott, the author, is right: Most individuals and organizations enjoy Security largely as a matter of luck. For some free insight (and free is good!), check out his blog, “The Business-Technology Weave” – you can Google to it, or search on the site IT Knowledge Exchange which hosts it. Anyone else here reading I.T. WARS? It reflects much of what is said here. I had to read parts of this book as part of my employee orientation at a new job. The book talks about a whole new culture as being necessary – an eCulture – for a true understanding of security, being that most identity/data breaches are due to simple human errors. It has great chapters on security, as well as risk, content management, project management, acceptable use, various plans and policies, and so on. Just Google IT WARS – check out a couple links down and read the interview with the author David Scott at Boston’s Business Forum. (Full title is I.T. WARS: Managing the Business-Technology Weave in the New Millennium). “In the realm of risk, unmanaged possibilities become probabilities.” Keep “security” front and center! Great stuff.
A company (i.e. Hannaford, Checkpoint etc.) or government entity (U of Maine, State of Maine) can just do a 'too bad we did our best, but...' with personal data. The norm now is to admit a breach, say we did our best, give a bogus credit monitoring service for one year, and send a letter of apology. This is the formula.
Responsible parties should be identified. Holders of privacy data should be penalized for a breach in the forfeiture of future government business or grants. Further, holders of private data should be required to post a bond.
Let me guess....
Was the data encrypted? No. Was all the privacy data located in one data store (server, database)? Yes.
Were archived (earlier than 2009-2010) records kept offline? No.
Loose As a Goose