Web site break-in stops UM system research
Published Feb. 6, 2007
UM system representatives warned more than 1,200 researchers to monitor their credit accounts after a system-wide server containing sensitive personal information was accessed by an unknown party.
The UM system's Research Board Grant Application System was compromised between Jan. 14 and Jan. 16, which led to the indefinite shut-down of the system.
The Multi-State Information Sharing and Analysis Center, a volunteer organization that regularly scans for threats to cyber security, discovered the Internet security breach.
University staff members were informed of the unauthorized access on Jan. 16.
The information on the compromised server might have included the names, addresses, social security numbers and passwords of researchers.
Affected researchers include those who submitted online grant applications since the system was brought online in 2002. Those who submitted applications prior to February 2002 were not affected by the security breach.
The goal of the research board grants is to raise additional funds by supporting new members to university faculty and funding new initiatives of high quality of senior faculties. Research board grants are not renewable and must fill a specific need for research support.
The application is a Web-based system that was developed for ease of receiving and processing proposals. But the system did not have up-to-date safeguards to guard against increased Internet threats, according to the UM system Web site.
The original competition deadline for the grants was Feb. 5 but has been delayed until mid-March to compensate for the delay caused by the breach, according to the Web site.
The Web submission application has been shut down indefinitely while the system is upgraded.
UM system spokesman Scott Charton said the system is close to having a new means to submit research grant proposals for the competition.
"As soon as the site is complete, they're going to have a deadline of 30 days out from when it's ready to go," Charton said.
He said the new system would be available in mid- to late-February.
Researchers will be notified when the new application is online through e-mails sent to the faculty in each research office, Charton said.
The e-mails sent out to individuals whose accounts were potentially affected included notification of the unauthorized access as well as instructions on how to protect themselves from credit fraud or unauthorized password use.
Charton said since the system was compromised, there have been no reports of identity theft.
"We're not even sure if they saw the social security numbers," Charton said. "They're just trying to be cautious about that, and let everyone know."