Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Perimeter

4/18/2008
08:20 AM
50%
50%

Universities Rocked by Data Thefts

The Universities of Miami and Virginia acknowledge lost data on stolen tapes and laptops

1:55 PM

By James Rogers
News Editor, Byte and Switch

The University of Miami and the University of Virginia are the two latest organizations to be rocked by data breaches after the theft of sensitive data affecting tens of thousands of people.

Details of the University of Miami’s security snafu are starting to emerge after officials confirmed yesterday the theft of backup tapes containing medical data and Social Security numbers on some 47,000 people.

In a statement released Thursday, the university explained that the theft occurred when a case of tapes was stolen from a vehicle in downtown Coral Gables. The vehicle had been contracted by a “private off-site storage company," though officials but did not reveal the identity of the firm involved.

Anyone who has been a patient of a University of Miami physician or visited one of the university’s medical facilities since Jan. 1, 1999, is likely to be included on the tapes, according to officials.

Information contained on the stolen media includes names, addresses, Social Security numbers, health information, and, in some cases, credit card and financial data.

”We felt that in the best interest of the physician-patient relationship, we should be transparent in this matter,” said Pascal Goldschmidt, dean of the University of Miami’s Miller School of Medicine, in a statement, adding that he is confident that patients’ data is safe.

The tapes were written in a “complex and proprietary format," making it unlikely that a thief could access the data, according to the university. When the theft occurred last month, officials also brought in security specialist Terremark to work out whether data could be accessed from a similar set of backup tapes.

”Because of the highly proprietary compression and encoding used in writing the tapes, we were unable to extract any usable data,” said Christopher Day, senior VP of Terremark’s Secure Information Services group, in a statement.

Law enforcement agencies are currently investigating the theft, although Miami is not the only university dealing with the consequences of stolen data.

The University of Virginia also hit the headlines this week following the theft of a laptop from one of its employees. The laptop contained information on more than 7,000 staff, students, and faculty, according to media reports.

Local Charlottesville newspaper The Daily Progress reports that the laptop, which contained a file with names and Social Security numbers, was stolen from an undisclosed location in Albemarle County.

This is not the first time that the University of Virginia has been struck by a data breach.

Last year a hacker broke into the university’s network and accessed the records of 5,735 faculty members, prompting the school to call in the FBI to work on the case alongside the university police and its IT workers.

The University of Virginia did not respond to Byte and Switch’s requests for comment on the stolen laptop, although the local Albemarle County Police Department is said to be investigating the theft.

Research released today by analyst firm AMI Partners reveals the staggering scale of data breaches experienced by U.S. firms, with up to 86 percent of medium-sized American businesses reporting some form of security breach or data loss in the last 12 months.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Byte and Switch's editors directly, send us a message.

  • Access Markets International (AMI) Partners Inc.
  • Terremark Worldwide Inc.

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    When It Comes To Security Tools, More Isn't More
    Lamont Orange, Chief Information Security Officer at Netskope,  1/11/2021
    US Capitol Attack a Wake-up Call for the Integration of Physical & IT Security
    Seth Rosenblatt, Contributing Writer,  1/11/2021
    IoT Vendor Ubiquiti Suffers Data Breach
    Dark Reading Staff 1/11/2021
    Register for Dark Reading Newsletters
    White Papers
    Video
    Cartoon
    Current Issue
    2020: The Year in Security
    Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
    Flash Poll
    Assessing Cybersecurity Risk in Today's Enterprises
    Assessing Cybersecurity Risk in Today's Enterprises
    COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    CVE-2020-28476
    PUBLISHED: 2021-01-18
    All versions of package tornado are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configura...
    CVE-2020-28473
    PUBLISHED: 2021-01-18
    The package bottle from 0 and before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with defa...
    CVE-2021-25173
    PUBLISHED: 2021-01-18
    An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory allocation with excessive size vulnerability exists when reading malformed DGN files, which allows attackers to cause a crash, potentially enabling denial of service (crash, exit, or restart).
    CVE-2021-25174
    PUBLISHED: 2021-01-18
    An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory corruption vulnerability exists when reading malformed DGN files. It can allow attackers to cause a crash, potentially enabling denial of service (Crash, Exit, or Restart).
    CVE-2021-25175
    PUBLISHED: 2021-01-18
    An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A NULL pointer dereference exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart). This is issue 1 of 3.