• E-mail
• Print
• Comment
• Font Size
• Digg
• del.icio.us
• Discuss article

University of Northern Iowa Admits W2 Forms Illegally Accessed

Posted on: Wednesday, 22 February 2006, 15:00 CST

By Emily Christensen, Waterloo-Cedar Falls Courier, Iowa

Feb. 22--CEDAR FALLS -- University of Northern Iowa administrators this week defended their decision to wait several days before notifying nearly 6,000 student employees and faculty members a computer containing their W2s was illegally accessed.

Garry Bozylinsky, vice president for information technology, said a virus, called a Bot, was discovered on Feb. 6. A UNI employee, who Thomas Schellhardt, vice president for administration and finance, would not identify, uploaded the forms onto a university-issued laptop to work from home on Feb. 5.

"We have a new payroll system, and this is the first time the W2s have been run off this system. We needed to improve on this system, and that is what the employee was trying to do," Schellhardt said. "The individual was working on a Sunday and wasn't able to remote in. The data was only active for about three hours."

When the virus was discovered the computer was taken off the network and information technology experts went to work on the laptop to determine what kind of virus had invaded it and if any of the information had been accessed.

"The IT people looked at it for a day or two and they decided the security people in IT needed to be contacted," Bozylinsky said. "Then after another day or two we decided we needed to talk to the administration to let them know we may want to contact people, because we were unable to prove that nothing bad had happened."

Bozylinsky added the virus, which acts like a robot to control the computer, is typically used to take over a computer and launch spam attacks. It is not usually used to gather information.

"It is highly unlikely this person ever knew what was actually on this computer, but unless we can prove nothing bad happened we felt we had to inform people," he continued.

Schellhardt said it then took several days to coordinate a list of affected employees and their addresses. Letters were mailed out last week and most people received theirs by Friday or Saturday.

Several UNI employees e-mailed the Courier over the weekend concerned about the amount of time a hacker may had been able to use the information if it was indeed collected, and also accused the university of using the time between discovery and notification to cover up the true magnitude of the situation.

"There wasn't any kind of coverup, but we wanted to find out what we had so we weren't crying wolf," Schellhardt said. "We admit this is an unfortunate thing and very regrettable. ... It is easy for me to say we worked as hard as we could to determine what the virus was and what activity took place. This was more a matter of processes, and maybe in hindsight we should have just sent out an alert to all of our employees."

The computer had been received the day before the Gilchrist fire, Schellhardt said, and had not been put through the usual virus protection before being used because IT personnel were focused on getting everyone up and running again. That process has since been changed, and Schellhardt said no university computer will be used without being safeguarded first.

-----

To see more of the Waterloo-Cedar Falls Courier, or to subscribe to the newspaper, go to http://www.wcfcourier.com.

Copyright (c) 2006, Waterloo-Cedar Falls Courier, Iowa

Distributed by Knight Ridder/Tribune Business News.

For information on republishing this content, contact us at (800) 661-2511 (U.S.), (213) 237-4914 (worldwide), fax (213) 237-6515, or e-mail reprints@krtinfo.com.

Source: Waterloo Courier

More News in this Category