A new case of unauthorized computer access has been identified at the University of Colorado at Boulder as a result of current investigations and new procedures that were put in place following a series of computer breaches during the last month.
The potentially exposed information includes about 49,000 database entries on a server containing ancillary information used by the Registrar's Office. The information is not a primary database of the Registrar's Office.
"It was through the work we have been doing as a result of the earlier breaches that we discovered this incident," said Dan Jones, information technology security coordinator for CU-Boulder. "Discovery of this computer access is a direct result of the risk assessment we are in the process of implementing, which ultimately will improve security for campus servers that contain the most sensitive data."
The campus administration has begun implementing a plan to improve security for the 6,000 servers and 20,000 computers on campus, particularly for those most likely to be targeted in cases of identity theft, according to Bobby Schnabel, vice provost for academic and campus technology.
"The university is very concerned about computer security and we're working hard to ensure our policies and security measures promote a high degree of confidentiality," said Schnabel. "This includes a detailed risk assessment of key departments by an outside security firm, measures to limit external access to our servers and encryption of sensitive data wherever possible."
The new incident creates a potential identity theft problem for former students and some current students. Faculty and staff are not affected. Sensitive information that may have been accessed includes Social Security numbers, names, permanent addresses and phone numbers.
The information dates from June 1999 to May 2001 and from fall 2003 to summer 2005.
There was no credit card or bank account information stored on the server and upon discovery of the breach, the server was immediately taken offline.
Although there is no evidence that personal information was stolen or used, the university is notifying individuals of potential identity theft so they may take precautions. In addition, law enforcement agencies are assisting with the university's investigation.
The university will issue letters to affected individuals about the unauthorized access, said Barbara Todd, CU-Boulder registrar. The university also is providing instructions on how to protect against potential fraud and identity theft.
Information about the Registrar's Office security incident has been posted on a campus Web site -- -- with links to the Registrar's Office site and the News Center site. The online resource page will help affected persons determine the steps they should take to protect their identity. Another useful Web site resource page posted by CU-Boulder's ITS department last winter is at .
In addition, a hotline has been established to respond to individual inquiries. The hotline number is (303) 492-8741.
The university has moved to limit the use of Social Security numbers and other personally identifiable information where use of such information is not necessary. As part of those changes, on April 10 the university finished converting more than 750,000 students' identification numbers from Social Security numbers to a new unique student ID number that cannot be used for obtaining or extending credit.