PSU Uncovers Unauthorized Access to Web Servers—No Evidence that Sensitive Data Compromised

September 21st, 2007 by Adam

PLYMOUTH, N.H. – Plymouth State University information technology officials uncovered evidence that hackers infiltrated University Web servers over a year ago.

PSU system logs indicate that a malicious program was posted in a Web application. The application appears to have tampered with Web page content and directed users and Web traffic to an international Web site promoting the sale of software. University officials believe no private information, including student, employee, or alumni records, was accessed or compromised.

PSU technology staff uncovered the breach on Wednesday, Sept. 19, 2007. System records indicate that the program was placed on a University Web server in April 2006 and was active for several months. The program has been removed.

PSU’s Chief Information Officer, Dwight Fischer, confirmed that the system was breached, and PSU Web servers were used as a relay station for commercial purposes, a common ploy of Internet hackers.

“We place the highest regard for security on our network and information systems,” he said. “We catch thousands of these threats at our network gates every day. It is through the diligent efforts of our technology staff that this breach was discovered. System security is one of the greatest challenges facing any information technology department today. What our staff did to uncover this is akin to finding a needle in a haystack.”

PSU will continue to monitor its system logs to ensure that no further unauthorized activity has occurred.

For more information contact Christopher M. Williams, director of public relations, at cwilliams@plymouth.edu or (603) 535-2476.

-end-