No Section

Hacker bragged about Metro State security breach

Officials warn students, staff to take precautions against identity theft.

By Maura Lerner

January 17, 2015 at 2:38AM

When they first heard that someone had bragged in a blog post about hacking into their website, officials at Metropolitan State University weren't sure what to make of it.

The hacker, they were told, appeared to be a teenager from Australia who claimed to have attacked Metro State's website, and dozens of others, on a whim.

Within a week, they discovered that it was no idle boast.

On Friday, the university announced that it was investigating a security breach that could have exposed personal information about an unknown number of students, faculty and staff.

In a campuswide e-mail, interim president Devinder Malhotra disclosed Friday that a university database had been breached, and that people on campus should be on the alert for identity theft.

"We do not believe this server contained any financial data or credit card information," he wrote, but it did include personal information, including employee Social Security numbers.

Officials say they learned about the problem Jan. 2, when a cybersecurity service notified the university about the hacker's blog post.

"This particular person was claiming to have hacked into 75 different websites, and we were just one of those," said Anne Sonnee, interim vice president for communications.

She said the university waited until Friday to announce the security breach because it took time to verify that someone had, in fact, hacked into the system and improperly accessed information and to disable the flaw in the security system. She said officials wanted to ensure that the system was protected "from further attack" before going public and risking "copycat" hackers.

She said she had no information on whether investigators have been able to trace the identity of the hacker. She said the Secret Service is investigating.

At this point, Sonnee said, it's still not clear what information the hacker obtained from the school's database.

The university has switched its website to a new server to prevent further security breaches. That change resulted in some computer glitches for students and others trying to access the Metro State website Friday. Sonnee said staff would be working through the weekend to fix those problems.

The school has about 11,500 students and 1,200 faculty and staff.

In the campus e-mail, Malhotra urged faculty, staff and students to watch for suspicious activity on their credit cards and other financial transactions. "The university sincerely regrets this apparent breach and any inconvenience it may cause," he wrote.

Maura Lerner • 612-673-7384

about the writer

about the writer

Maura Lerner

See Moreicon

More from No Section

See More

No Section

Eviction filings up in Minnesota amid ICE surge

FILE -- A rent deposit slot at an apartment complex in Tucker, Ga., on July 21, 2020. As an eviction crisis has seemed increasingly likely this summer, everyone in the housing market has made the same plea to Washington: Send money — lots of it — that would keep renters in their homes and landlords afloat. (Melissa Golden/The New York Times) ORG XMIT: XNYT58
Melissa Golden/The New York Times

It’s too soon to tell how much the immigration crackdown is to blame.

No Section

How do Minnesota pros prepare for a game? Collier, Faber, Gobert and others showed us.

Staff headshot
Chip Scoggins

No Section

Business newsletter bottom