The University of Maine police department is investigating a data breach of which has lead to the exposure of personal and medical information of almost 5,000 students between the summer of 2002 and this past week.
According to a press release from the university, the servers which have been breached were the ones that stored information from the UMaine Counseling Center, which provides mental health services to the university’s student population. The compromised database includes “names, social security numbers and clinical information relative to every student who engaged counseling center services between Aug. 8, 2002 and June 21 of this year.” The university estimates that 4,585 students’ information were exposed.
Any students or former student who used the Counseling Center during that time should assume that he or she is affected, according to the press release.
“There is no indication that data were viewed, compromised or downloaded from either of these servers, but we are operating according to a worst-case scenario,” said Robert Dana, the UMaine vice president for student affairs. “In any case like this, identity theft must be a top concern and consequently we are taking strong measures to assist those whose information may have been exposed and to prevent further security intrusions.”
The university began an investigation on June 16 after Counseling Center staff reported they were having difficulty accessing servers. The investigation revealed that a hacker or hackers had gained access to a server storing archived information from 2002 to 2005 as early as March 4 of this year. Some time later he or she accessed a second server which contained the Counseling Center’s active database, according to the press release.
“The high-level safeguards we have in place routinely thwart these attempts, but they were not adequate in this case,” Dana said. “This is a serious breach, and we are profoundly sorry that this has happened.”
The university has said in the release that police will not disclose how the hackers used to access the servers in order to “preserve the integrity of the investigation.” The university’s department of public safety will be consulting with the U.S. Attorney’s office and the computer crimes experts from the U.S. Secret Service.
The university has hired a company to provide credit monitoring for students and former students who may have been affected by the data breach. The company, Debix, will watch those individuals credit for fraudulent activity. The university will also be sending letters in early July to those affected who inform them how to access those services, which will be provided at no cost to them.
-
- University of Maine logo
Send questions/comments to the editors.
Success. Please wait for the page to reload. If the page does not reload within 5 seconds, please refresh the page.
Enter your email and password to access comments.
Hi, to comment on stories you must . This profile is in addition to your subscription and website login.
Already have a commenting profile? .
Invalid username/password.
Please check your email to confirm and complete your registration.
Only subscribers are eligible to post comments. Please subscribe or login first for digital access. Here’s why.
Use the form below to reset your password. When you've submitted your account email, we will send an email with a reset code.