Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Perimeter

4/18/2008
08:20 AM
50%
50%

Universities Rocked by Data Thefts

The Universities of Miami and Virginia acknowledge lost data on stolen tapes and laptops

1:55 PM

By James Rogers
News Editor, Byte and Switch

The University of Miami and the University of Virginia are the two latest organizations to be rocked by data breaches after the theft of sensitive data affecting tens of thousands of people.

Details of the University of Miami’s security snafu are starting to emerge after officials confirmed yesterday the theft of backup tapes containing medical data and Social Security numbers on some 47,000 people.

In a statement released Thursday, the university explained that the theft occurred when a case of tapes was stolen from a vehicle in downtown Coral Gables. The vehicle had been contracted by a “private off-site storage company," though officials but did not reveal the identity of the firm involved.

Anyone who has been a patient of a University of Miami physician or visited one of the university’s medical facilities since Jan. 1, 1999, is likely to be included on the tapes, according to officials.

Information contained on the stolen media includes names, addresses, Social Security numbers, health information, and, in some cases, credit card and financial data.

”We felt that in the best interest of the physician-patient relationship, we should be transparent in this matter,” said Pascal Goldschmidt, dean of the University of Miami’s Miller School of Medicine, in a statement, adding that he is confident that patients’ data is safe.

The tapes were written in a “complex and proprietary format," making it unlikely that a thief could access the data, according to the university. When the theft occurred last month, officials also brought in security specialist Terremark to work out whether data could be accessed from a similar set of backup tapes.

”Because of the highly proprietary compression and encoding used in writing the tapes, we were unable to extract any usable data,” said Christopher Day, senior VP of Terremark’s Secure Information Services group, in a statement.

Law enforcement agencies are currently investigating the theft, although Miami is not the only university dealing with the consequences of stolen data.

The University of Virginia also hit the headlines this week following the theft of a laptop from one of its employees. The laptop contained information on more than 7,000 staff, students, and faculty, according to media reports.

Local Charlottesville newspaper The Daily Progress reports that the laptop, which contained a file with names and Social Security numbers, was stolen from an undisclosed location in Albemarle County.

This is not the first time that the University of Virginia has been struck by a data breach.

Last year a hacker broke into the university’s network and accessed the records of 5,735 faculty members, prompting the school to call in the FBI to work on the case alongside the university police and its IT workers.

The University of Virginia did not respond to Byte and Switch’s requests for comment on the stolen laptop, although the local Albemarle County Police Department is said to be investigating the theft.

Research released today by analyst firm AMI Partners reveals the staggering scale of data breaches experienced by U.S. firms, with up to 86 percent of medium-sized American businesses reporting some form of security breach or data loss in the last 12 months.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Byte and Switch's editors directly, send us a message.

  • Access Markets International (AMI) Partners Inc.
  • Terremark Worldwide Inc.

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    Cloud Security Threats for 2021
    Or Azarzar, CTO & Co-Founder of Lightspin,  12/3/2020
    Why Vulnerable Code Is Shipped Knowingly
    Chris Eng, Chief Research Officer, Veracode,  11/30/2020
    Register for Dark Reading Newsletters
    White Papers
    Video
    Cartoon Contest
    Write a Caption, Win an Amazon Gift Card! Click Here
    Latest Comment: This comment is waiting for review by our moderators.
    Current Issue
    2021 Top Enterprise IT Trends
    We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
    Flash Poll
    Assessing Cybersecurity Risk in Todays Enterprises
    Assessing Cybersecurity Risk in Todays Enterprises
    COVID-19 has created a new IT paradigm in the enterprise and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    CVE-2020-27772
    PUBLISHED: 2020-12-04
    A flaw was found in ImageMagick in coders/bmp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned int`. This would most likely lead to an impact to application availability, but could po...
    CVE-2020-27773
    PUBLISHED: 2020-12-04
    A flaw was found in ImageMagick in MagickCore/gem-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char` or division by zero. This would most likely lead to an impact to appli...
    CVE-2020-28950
    PUBLISHED: 2020-12-04
    The installer of Kaspersky Anti-Ransomware Tool (KART) prior to KART 4.0 Patch C was vulnerable to a DLL hijacking attack that allowed an attacker to elevate privileges during installation process.
    CVE-2020-27774
    PUBLISHED: 2020-12-04
    A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of a too large shift for 64-bit type `ssize_t`. This would most likely lead to an impact to application availability, but co...
    CVE-2020-27775
    PUBLISHED: 2020-12-04
    A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned char. This would most likely lead to an impact to application availability, but c...