News

Stanford reports security breach, urges password changes

Stanford University is investigating what appears to be a breach in its information technology infrastructure but the university stated that it doesn't yet know the scope of the intrusion.

Stanford is asking everyone with a Stanford University Network ID to change their passwords as a precautionary measure, and it warned that the process may have to repeated as it learns more about the breach.

The university stated in a press release that it wasn't aware of any protected health information, personal financial information or Social Security numbers being compromised. It stated it doesn't conduct classified research that could be compromised.

Stanford stated that the attack was similar to an attack on a range of companies and large organizations in the U.S. and is working with security consultants and law enforcement to determine its source and impact.

Help sustain the local news you depend on.

Your contribution matters. Become a member today.

Join

Follow Palo Alto Online and the Palo Alto Weekly on Twitter @paloaltoweekly, Facebook and on Instagram @paloaltoonline for breaking news, local events, photos, videos and more.

Stanford reports security breach, urges password changes

Uploaded: Thu, Jul 25, 2013, 8:56 am

Stanford University is investigating what appears to be a breach in its information technology infrastructure but the university stated that it doesn't yet know the scope of the intrusion.

Stanford is asking everyone with a Stanford University Network ID to change their passwords as a precautionary measure, and it warned that the process may have to repeated as it learns more about the breach.

The university stated in a press release that it wasn't aware of any protected health information, personal financial information or Social Security numbers being compromised. It stated it doesn't conduct classified research that could be compromised.

Stanford stated that the attack was similar to an attack on a range of companies and large organizations in the U.S. and is working with security consultants and law enforcement to determine its source and impact.

Comments

maguro_01
Mountain View
on Jul 26, 2013 at 7:53 am
maguro_01, Mountain View
on Jul 26, 2013 at 7:53 am

Assuming that the hack wasn't an inside job, a reasonable assumption, then this breakin plus the F-35 data thefts, and others we read about should rationally put an end to the notion that there is such a thing as security for systems with connectivity to the Internet. It may be inconvenient and more expensive but separate non-connected systems offer the only relative security.

The F-35 breach sounded as though it will cost 10's of billions up and may cost lives. Some fairly high level people should be fired for that one. There should be more strict and expensive liability for breaches that leak SS numbers and other personal data. Today we have factories where a $1200 dollar PC running a multimillion dollar machine is reachable from the Net. Perish the thought that a refinery, pipe line, power plant, or reactor could be hacked if they are connected. It is proposed that the power grid be run off the Net though the power companies have right of way everywhere.

Of course to connect to the world or not is a risk/benefit calculation, but the fact is that most workers have no real need for external Internet connectivity at all. It's a perq. There can be a physically separate net(s) for those that do. Cloud connectivity and BYOD may need to be separated. Yes it's an expense, but a breach may be very expensive indeed. Tort lawyers should have a field day. Failures like Stanford's can be used to show that Internet security is illusory. That's a compliment.


Don't miss out on the discussion!
Sign up to be notified of new comments on this topic.

Post a comment

Sorry, but further commenting on this topic has been closed.