Sunday, August 02, 2015

UTSA Honors College informs students of computer security incident

Share this Story

(Sept. 22, 2011) -- The University of Texas at San Antonio is informing 688 students and prospective students who either enrolled in or applied to courses in the Honors College that an unauthorized user may have gained access to information about them. Those affected have been notified by personal letter.

During the data exposure, the records of a few UTSA students were accessed by unauthorized users in the Honors College section of the online system. When accessed, these records were pulled into the Honors College section. These students may receive the personal letter if it was possible their records were accessed, even if they were never enrolled in the Honors College.

The data exposure was discovered Aug. 2 and information exposed included name, date of birth, address, phone number, email address, GPA and other personal information. No Social Security numbers were part of the information exposed. Within an hour of discovering the unauthorized access, UTSA officials addressed the issue and initiated an investigation.

Examination of the data exposure indicated its characteristics were not consistent with an attack designed to gather data from the system, but rather an inadvertent misconfiguration of assigned access to the information.

"While we believe the situation has been completely contained, we want to notify each individual directly to make him or her aware of the incident and provide a contact at the university who can provide additional information if needed," said Richard Diem, dean of the UTSA Honors College. "The likelihood that the information was misused is very low, but our primary concerns are informing affected individuals and working to ensure that this never occurs again."

For more information, contact the UTSA Honors College at 210-458-4106.

------------------------------

Data Exposure FAQ

  • How did the data exposure occur?
    On Aug. 2, an employee discovered that the ASAP online information system used by the UTSA Honors College and other UTSA offices was accessible by users who didn't have a business need to access the application. The problem was resolved within an hour of discovery. The exposure was caused by a configuration error implemented June 20, allowing access to ASAP by all UTSA employees with ASAP access, rather than only authorized Honors College users. A thorough analysis and investigation of the incident determined that 233 records were accessed by unauthorized employees and 455 additional records may have been accessed.
  • How many students' records were exposed?
    The records of 4,700 individuals who were either qualified for the Honors College or were Honors College alumni were exposed (open to access), but only 688 records were accessed. It was determined that 233 records were accessed by unauthorized users. An additional 455 records may have been accessed by unauthorized users; the remaining 4,012 records were not accessed.
  • Who was notified of the data exposure?
    The 688 individuals whose records were accessed or which may have been accessed by unauthorized users were notified via postal mail and email, using contacting information on file.
  • I'm part of the Honors College, but I didn't get a communication indicating that my data was exposed. How can I find out if I was affected?
    All students whose records were accessed have been notified separately by both postal mail and e-mail. (See previous question.)
  • What could someone potentially do with my exposed information?
    Since the data was exposed to UTSA employees and was not the result of an attack, there is no indication and it is unlikely that exposed data was misused. It is possible someone could use such information to try to obtain more information about you, such as in a "phishing" email claiming to come from UTSA. Date of birth is sometimes used as a question to help validate identity. Social Security numbers, driver's license information and financial account information were not exposed, so the exposed information is highly unlikely to be used for financial identity fraud. Consequently, a security freeze and credit monitoring are not recommended as the result of the data exposure. However, free credit reports can be obtained annually from the three credit bureaus, and periodically reviewing your credit reports is a good way to reduce the risk of financial identity fraud.
  • What steps should I take because of the data exposure?
    Log in to ASAP and visit the Honors College form. Check to ensure that all of your information is correct. If the information that was exposed (such as date of birth) is used by you as part of a password or as an answer to a forgotten password question, consider updating that information. If you receive an email that claims it is from UTSA, inspect it to be sure that it is not a phishing email. UTSA will not contact you to ask for personal information such as this. For more information on protection from phishing, visit the UTSA Information Technology website.
  • Does UTSA have policies and standards in place to try to prevent data exposure?
    Yes, read the UTSA information resource use and security policy and the UTSA information security standards.
  • What steps are being taken as a result of the data exposure?
    The testing process has been revised to ensure that additional testing is performed in order to detect configuration errors before changes are implemented.

UTSA will share more information as it becomes available.

 

 

Did You Know?

UTSA researcher is a star behind the cloud

A revolution in cloud computing is underway, and Ravi Sandhu believes it will be much bigger than the PC and Internet revolutions that have already changed the way we live. Sandhu, director of the UTSA Institute for Cyber Security, says UTSA is taking a leadership role in tackling three fundamental cloud technology problems: how to build and operate the cloud, how to use it profitably for diverse applications and how to keep it secure.

Sandhu, the Lutcher Brown Distinguished Chair in Cyber Security in the College of Sciences, and Ram Krishnan, assistant professor of electrical engineering in the UTSA College of Engineering, are funded by a $500,000 grant from the National Science Foundation to improve cloud security.

Did you know? Sandhu, a world-renowned cybersecurity expert, holds 30 patents, has authored more than 250 papers and been cited more than 30,000 times.

Read More »
Events
Aug. 1, 9 p.m.

"Inside Peace" documentary screening

This documentary, presented by the San Antonio Film Festival, documents the experience of re-entry after incarceration. The film features Michael Gilbert, associate professor in the department of criminal justice and director of the Office of Community and Restorative Justice program at UTSA.
Tobin Center for the Performing Arts, 100 Auditorium Circle

Aug. 4, 6 - 8 p.m.

Free Teacher Tuesday: Los Tejanos Workshop

Discover resources and strategies for teaching Tejano history and culture and get a special educator's tour of the new long-term exhibit, Los Tejanos.
Institute of Texan Cultures, 801 E. Cesar E. Chavez Blvd.

Aug. 6, 5 - 7 p,m,; 9 a.m. - 3:30 p.m.

6th Annual Texas Higher Education Symposium

This annual symposium is an opportunity to discuss Texas higher education issues and trends with Texas higher education scholars, state and local government officials, students, and campus and local community members.
Downtown Campus

Aug. 9, 12 - 5 p.m.

Vaquerocation 2015

This cowboy-themed programming, offered in conjunction with Our Kids Magazine's Kidcation Week, gives families the opportunity to visit with cowboy docents, enjoy readings and visit activity tables.
Institute of Texan Cultures, 801 E. Cesar E. Chavez Blvd.

Aug. 17, 11:30 p.m.

Midnight Light

Join President Ricardo Romo, The Spirit of San Antonio Marching Band, students, faculty and staff to light the monument at the Main Campus entrance at the stroke of midnight.
John Peace Boulevard Entrance, Main Campus

Aug. 18, 11 a.m. - 1 p.m.

President's BBQ on the Plaza

Join university President Ricardo Romo on the Bill Miller Plaza for his annual free BBQ lunch.
Bill Miller Plaza, Downtown Campus

Aug. 18, 5:30 p.m. - 7:30 p.m.

President's BBQ on the Lawn

Join university President Ricardo Romo on the Convocation Center lawn for his annual free BBQ lunch.
Convocation Center East Lawn, Main Campus

Aug. 22, 6 p.m.

UTSA Alumni Gala

The UTSA Alumni Association hosts this annual gala honoring the Alumna of the Year, Alumnus of the Year and the Alumnus of the Year Lifetime Achievement award winners.
Hyatt Regency Hill Country Resort & Spa, 9800 Hyatt Resort Dr.


Other Calendars
» UTSA Events | » Academic | » Institute of Texan Cultures

Submit an Event


Meet a Roadrunner

Julian Acosta '12 is a musician with business cred

After graduation, Queretaro native founded a music label recognized by SXSW

UTSA's Mission

The University of Texas at San Antonio is dedicated to the advancement of knowledge through research and discovery, teaching and learning, community engagement and public service. As an institution of access and excellence, UTSA embraces multicultural traditions and serves as a center for intellectual and creative resources as well as a catalyst for socioeconomic development and the commercialization of intellectual property - for Texas, the nation and the world.

UTSA's Vision

To be a premier public research university, providing access to educational excellence and preparing citizen leaders for the global environment.

UTSA's Core Values

We encourage an environment of dialogue and discovery, where integrity, excellence, inclusiveness, respect, collaboration and innovation are fostered.

Connect with UTSA News

       


Related Links

Back to Top