
Tufts warns of security breach


Alumni of Tufts University in Boston have been notified that personal information stored on a server used by the university for fundraising could have been exposed to intruders.

The university detected a possible security breach in an alumni and donor database after noticing abnormal activity on the server in October and December. The server was managed by a third-party vendor, according to a statement on Tufts' Web site. The incident is almost identical to a breach in March on a fundraising system used by Boston College and follows reports of other information theft incidents in recent months at California State University, Chico, and the University of California, Berkeley.

As a precaution, Tufts sent a letter on April 7 to 106,000 alumni and donors who could be affected by the breach. Tufts did not have any evidence that the information stored in the database was retrieved or misused, said Betsey Jay, director of advancement, communications and donor relations at Tufts.

The system in question belongs to the university but was running software from and being managed by RuffaloCODY, a software company in Cedar Rapids, Iowa, that assists nonprofit organizations with fundraising, membership and enrollment. The server was being used to support the university's Advancement telefund operation, in which students are paid to call alumni and other donors to solicit gifts for the university, Jay said.

Tufts detected a high volume of unusual behavior on the system that indicated it might have been used as a distribution point in a file-sharing network. However, university IT staff were not able to confirm that any sensitive files were copied or that there was misuse of information on the system, Jay said.

Tufts did not initially disclose the security breach but was prompted to do so after coverage of other recent security breaches, Jay said. "We started to realize that what we had seen wasn't confirmation of misuse but that we should give donors and alums the information [about the breach] as a precaution," she said.

In its letter, Tufts recommended that recipients of the letter notify their bank and ask credit bureaus to issue fraud alerts and check for any unusual activity in their name. The university also set up a toll-free support line to assist individuals whose information may have been compromised.

In March, Boston College notified 120,000 alumni that their Social Security numbers and other personal information might have been compromised. As with the incident at Tufts, that notice followed the discovery of a security breach on a third-party server that the university was using for fundraising.

BC is also a RuffaloCODY customer, according to information on RuffaloCODY's Web site. Both Tufts and BC are listed as customers of the company's CampusCall product, which is described as a phonathon automation tool. Other universities in Boston use the product as well, including MIT, Northeastern University and Harvard University Law School. However, Tufts and BC are both listed as managed sites, while the other schools are not.

Calls to RuffaloCODY were not immediately returned.

The University of Massachusetts campus at Lowell is listed as a RuffaloCODY managed site as well, according to the company's Web page.

Jim Packard, an IT security specialist at UMass Lowell, said he has seen signs on campus that mentioned RuffaloCODY, but he wasn't sure whether the company operates a managed server on the campus. Calls to the UMass Lowell alumni office were not immediately returned.

