University of Hawaii officials said yesterday that a hacker breached the security of a parking office computer server that contained personal information of 53,000 people.
There were 40,870 Social Security numbers and 200 credit cards that were possibly compromised, officials said.
So far, "there is no indication that any information was misused, downloaded or viewed by the hacker," who planted a virus on the computer server, said Gregg Takayama, University of Hawaii spokesman.
Although officials do not know how it happened, they believe a site in China was involved, Takayama said.
The matter was turned over to the Honolulu police, the FBI and UH’s forensics investigator.
As a safety precaution, Takayama said letters were mailed Saturday to affected people. In addition, an e-mail notice will be sent to people for whom the university does not have a mailing address, he said.
Takayama said a routine audit on June 15 discovered that someone gained unauthorized access on May 30 to a computer server used by the UH parking office.
The database contained personal information, including names, Social Security numbers, addresses, driver’s license numbers, vehicle information and credit card information. Information on other people included their UH identification numbers, which do not contain sensitive information.
The affected people included:
» UH-Manoa faculty and staff members employed in 1998.
» Anyone who did business with the parking office between Jan. 1, 1998, and June 30, 2009; anyone who purchased parking permits, including staff of the East-West Center, UH Foundation and Research Corporation of the University of Hawaii; and anyone who had a vehicle towed or who appealed a parking citation.
PRECAUTIONS AGAINST ID THEFT
People with questions about the parking office computer breach should call the university at 956-6000 or go to www.hawaii.edu/idalert.
University officials said other precautions consumers can take include monitoring monthly bank and credit card statements.
They said consumers can obtain one free credit report a year at www.annualcreditreport.com or by calling 877-322-8228.
Source: University of Hawaii
However, Takayama said students who paid for a semester parking pass using a credit card were not affected since those transactions are handled by a third-party vendor.
The 200 credit card numbers the university says could have been affected are mainly those used by people who paid for towing fees.
Social Security numbers are no longer used for parking transactions, and are being purged from all current and past parking databases. Additional security measures being taken include strengthening internal automated network monitoring practices and performing extensive evaluations of systems to identify other potential security risks.
This was the latest security breach to take place at the university.
On May 15, 2009, 15,000 student records were compromised at Kapiolani Community College. The information included names, addresses, phone numbers, birth dates and Social Security numbers. The computer was on a local network where information was kept for processing financial aid. That case was closed after it was determined that no one had been harmed financially.
Still pending is the investigation of a Feb. 4 security breach at Honolulu Community College, in which credit card information of 35 students was compromised, the university said.