About 6,000 University of Washington employees were notified this week that their names and Social Security numbers were on a parking-management computer system that was hacked.
About 6,000 University of Washington employees were notified this week that their names and Social Security numbers were on a computer system that was hacked.
“I want to make you aware that the security breach occurred,” wrote UW transportation-services director Joshua Kavanagh, “so that you can take steps that you feel may be appropriate to protect yourself from the potential misuse of your personal information.”
A UW police report indicates that two parking-management computer servers were hacked starting around Dec. 6 last year. An initial on-site review by the UW on Dec. 30 showed “obvious signs of compromise,” prompting the university to take the servers offline, according to the report.
The incident has raised questions: Why did it take the UW three months to inform employees? And what were Social Security numbers doing on a parking computer to begin with?
Most Read Stories
Kirk Bailey, the UW’s chief information-security officer, said that although there were signs of something amiss last year, it took until the end of February or the beginning of March to complete an investigation.
“A full-blown computer forensic investigation is a time-consuming and thorough process,” Bailey said.
He said Social Security numbers were routinely used by the university as employee-identification numbers until about seven years ago. But some UW computers, he said, still contain that “legacy” data.
The UW is interested in tracking down other computers that still may contain such sensitive data, Bailey said. But finding all those computers, given the breadth of the university and the large number of different systems, would be no easy task, he said.
Bailey said it is not known why the hacker or hackers wanted to get into the system or what they did once there. There is no evidence to show whether any personal information was downloaded.
Computers often are hacked so that dishonest operators can shoot out spam or store illicit information, Bailey added.
Nick Perry: 206-515-5639 or email@example.com