Moraine Park Technical College reports a breach that took place two years ago
Technorati Tag: Security Breach
Date Reported:
7/29/08
Organization:
Moraine Park Technical College
Contractor/Consultant/Branch:
None
Victims:
"customers who purchased books and supplies between 2002 and July 2006"
Number Affected:
Unknown
Types of Data:
Unknown
Breach Description:
"Moraine Park Technical College, with campuses in Beaver Dam, Fond du Lac and West Bend, sent a letter to its bookstore customers on Tuesday notifying them of an incident that occurred when the equipment hosting the system provided by the bookstore software provider experienced a security breach."
Reference URL:
Beaver Dam Daily Citizen
Fond du Lac Reporter
Report Credit:
Fond du Lac Reporter
Response:
From the online sources cited above:
Customers of the bookstores located at three Moraine Park Technical College campuses were notified Tuesday of a security breach that occurred in July 2006.
[Evan] I think we are reading this right, the breach occurred 2 years ago!
According to Moraine Park President Gayle Hytrek, the information affects only those customers who purchased books and supplies between 2002 and July 2006.
[Evan] Only 4 years worth of purchases. According to the "District Fact Sheet", there were 23,191 enrollees during 2005-2006. I would think that a vast majority of students are bookstore customers, so this may give some indication as to the size of the breach.
Hytrek said the college has been working with its bookstore software provider to ensure an incident of this nature does not reoccur with bookstore purchases.
[Evan] It is not clear what role the software provider plays in the breach exactly. Is it safe to assume that this breach was the result of an exploit of a technical vulnerability in the software? If so, was there a patch available and the college neglected to patch or was there no patch available? Speculate and more speculate which is what we do when we have few facts.
She also indicated that at this point, there is no reason to believe any records have been compromised or used inappropriately, according to a press release from the college.
[Evan] At this point, people have no choice but to take the college's word for it.
Letters were sent to bookstore customers notifying them of an incident that occurred when the equipment hosting the system provided by the bookstore software provider experienced a security breach.
MPTC operates campuses in Beaver Dam, Fond du Lac and West Bend.
"We still felt it was important to notify those individuals who have used our bookstore services," said Hytrek. "This is a regrettable incident, and every effort is being made to assure that the concerns and questions of those affected are addressed."
[Evan] It stinks to be notified and be left with questions.
Hytrek also stated that this incident is unusual in its nature and she emphasized the safety of using Moraine Park's college bookstore services.
[Evan] Yes, so don't hesitate to spend money!
Commentary:
This is the second breach in a row for which there are very few publicly available facts or details. What is an affected person supposed to do? How does a breach go undetected for two years?
If a reader has access to a copy of the notification sent to victims, we would be very interested in reading it.
Past Breaches:
Unknown
Date Reported:7/29/08
Organization:
Moraine Park Technical College
Contractor/Consultant/Branch:
None
Victims:
"customers who purchased books and supplies between 2002 and July 2006"
Number Affected:
Unknown
Types of Data:
Unknown
Breach Description:
"Moraine Park Technical College, with campuses in Beaver Dam, Fond du Lac and West Bend, sent a letter to its bookstore customers on Tuesday notifying them of an incident that occurred when the equipment hosting the system provided by the bookstore software provider experienced a security breach."
Reference URL:
Beaver Dam Daily Citizen
Fond du Lac Reporter
Report Credit:
Fond du Lac Reporter
Response:
From the online sources cited above:
Customers of the bookstores located at three Moraine Park Technical College campuses were notified Tuesday of a security breach that occurred in July 2006.
[Evan] I think we are reading this right, the breach occurred 2 years ago!
According to Moraine Park President Gayle Hytrek, the information affects only those customers who purchased books and supplies between 2002 and July 2006.
[Evan] Only 4 years worth of purchases. According to the "District Fact Sheet", there were 23,191 enrollees during 2005-2006. I would think that a vast majority of students are bookstore customers, so this may give some indication as to the size of the breach.
Hytrek said the college has been working with its bookstore software provider to ensure an incident of this nature does not reoccur with bookstore purchases.
[Evan] It is not clear what role the software provider plays in the breach exactly. Is it safe to assume that this breach was the result of an exploit of a technical vulnerability in the software? If so, was there a patch available and the college neglected to patch or was there no patch available? Speculate and more speculate which is what we do when we have few facts.
She also indicated that at this point, there is no reason to believe any records have been compromised or used inappropriately, according to a press release from the college.
[Evan] At this point, people have no choice but to take the college's word for it.
Letters were sent to bookstore customers notifying them of an incident that occurred when the equipment hosting the system provided by the bookstore software provider experienced a security breach.
MPTC operates campuses in Beaver Dam, Fond du Lac and West Bend.
"We still felt it was important to notify those individuals who have used our bookstore services," said Hytrek. "This is a regrettable incident, and every effort is being made to assure that the concerns and questions of those affected are addressed."
[Evan] It stinks to be notified and be left with questions.
Hytrek also stated that this incident is unusual in its nature and she emphasized the safety of using Moraine Park's college bookstore services.
[Evan] Yes, so don't hesitate to spend money!
Commentary:
This is the second breach in a row for which there are very few publicly available facts or details. What is an affected person supposed to do? How does a breach go undetected for two years?
If a reader has access to a copy of the notification sent to victims, we would be very interested in reading it.
Past Breaches:
Unknown
Posts Atom 1.0
Comments