Language Selection

English French German Italian Portuguese Spanish

Tufts warns of security breach

Filed under
Security

Alumni of Tufts University in Boston have been notified that personal information stored on a server used by the university for fundraising could have been exposed to intruders.

The university detected a possible security breach in an alumni and donor database after noticing abnormal activity on the server in October and December. The server was managed by a third-party vendor, according to a statement on Tufts' Web site. The incident is almost identical to a breach in March on a fundraising system used by Boston College and follows reports of other information theft incidents in recent months at California State University, Chico, and the University of California, Berkeley.

As a precaution, Tufts sent a letter on April 7 to 106,000 alumni and donors who could be affected by the breach. Tufts said it did not have any evidence that the information stored in the database was retrieved or misused, said Betsey Jay, director of advancement, communications and donor relations at Tufts.

The system in question belongs to the university but was running software from and being managed by RuffaloCODY, a software company in Cedar Rapids, Iowa, that assists nonprofit organizations with fundraising, membership and enrollment. The server was being used to support the university's Advancement telefund operation, in which students are paid to call alumni and other donors to solicit gifts for the university, Jay said.

Tufts detected a high volume of unusual behavior on the system that indicated it might have been used as a distribution point in a file-sharing network. However, university IT staff were not able to confirm that any sensitive files were copied or that there was misuse of information on the system, Jay said.

Tufts did not initially disclose the security breach but was prompted to do so after coverage of other recent security breaches, Jay said. "We started to realize that what we had seen wasn't confirmation of misuse but that we should give donors and alums the information [about the breach] as a precaution," she said.

In its letter, Tufts recommended that recipients of the letter notify their bank and ask credit bureaus to issue fraud alerts and check for any unusual activity in their name. The university also set up a toll-free support line to assist individuals whose information may have been compromised.

In March, Boston College notified 120,000 alumni that their Social Security numbers and other personal information might have been compromised. As with the incident at Tufts, that notice followed the discovery of a security breach on a third-party server that the university was using for fundraising.

BC is also a RuffaloCODY customer, according to information on RuffaloCODY's Web site. Both Tufts and BC are listed as customers of the company's CampusCall product, which is described as a phonathon automation tool. Other universities in Boston use the product as well, including MIT, Northeastern University and Harvard University Law School. However, Tufts and BC are both listed as managed sites while the other schools are not.
Calls to RuffaloCODY were not immediately returned.

The University of Massachusetts campus at Lowell is listed as a RuffaloCODY managed site as well, according to the company's Web page.

Jim Packard, an IT security specialist at UMass Lowell, said he has seen signs on campus that mentioned RuffaloCODY, but he wasn't sure whether the company operates a managed server on the campus. Calls to the UMass Lowell alumni office were not immediately returned.

Source.

More in Tux Machines

Servo Night Builds Begin, Linux Packages Coming

The Mozilla developers working on the Servo browser layout engine and the Browser.html HTML-based web UI have kept to their goal of making a tech preview available in June. As of last night, the Servo developers hit their tech preview milestone we've been looking forward to seeing for months. Nightly builds of Servo and Browser.html have begun and they are going to be making available Linux packages shortly. Read more

Android Leftovers

Leftovers: OSS

  • Modern open source systems management
    Open source IT systems management is undergoing a renaissance. Adopters include global, household-name enterprises, as well as a groundswell of IT operations teams that are borrowing flexible, collaborative practices from the Agile software development movement. Some open source IT systems management tools are familiar to most admins, with broad adoption -- think Nagios or the Elasticsearch, Logstash and Kibana stack. Others -- Docker is a prime example -- burst onto the scene recently and are shaking up IT deployments.
  • Code Alliance connects nonprofits with tech volunteers
    Code Alliance is a Benetech initiative that connects technology professionals to volunteer opportunities with open source software projects for social good. On the first day of the CHI4GOOD conference, we brought over 40 projects to the San Jose Convention Center to participate in a hack4good Day of Service event. More than 100 developers, UX designers, and researchers came together to help our nonprofit cohort with their technological needs. The nonprofits benefitted from expert technical development work, and the volunteers were gracious, skilled, and excited to leverage their professional skills to give back.
  • Nonprofit's Open Source Designs Reduce Cost Barriers for Startups
    A project that originated in "The Middle of Nowhere, Missouri," as the founders call it, aims to lower the barrier to entry across a number of industries, all while maintaining a sustainable footprint. It's called Open Source Ecology (OSE), the brainchild of Marcin Jakubowski, founder of the Factor E Farm in Missouri where OSE is based.
  • The Open Building Institute - A Sustainable Way to Build Modular Housing
  • Open Building Institute is revolutionizing sustainable home building through open-source technologies
  • Pulp Smash Introduction
    Pulp Smash is a functional test suite for Pulp. It’s used by the Pulp developers and Pulp QE team on a daily basis. It’s implemented as a GPL licensed pure Python library, and getting started is as simple as installing Python and executing the following...
  • How Oracle’s business as usual is threatening to kill Java
    Stop me if you've heard this one before: Oracle has quietly pulled funding and development efforts away from a community-driven technology where customers and partners have invested time and code. It all seems to be happening for no reason other than the tech isn't currently printing money. It's a familiar pattern for open source projects that have become the property of Oracle. It started with OpenSolaris and continued with OpenOffice.org. And this time, it's happening to Java—more specifically to Java Enterprise Edition (Java EE), the server-side Java technology that is part of hundreds of thousands of Internet and business applications. Java EE even plays an integral role for many apps that aren't otherwise based on Java. For months as Oracle Corporation's attorneys have battled Google in the courts over the use of Java interfaces in Android's Davlik programming language, Oracle's Java development efforts have slowed. And in the case of Java EE, they've come to a complete halt. The outright freeze has caused concerns among companies that contribute to the Java platform and among other members of the Java community—a population that includes some of Oracle's biggest customers.
  • Friday's security updates

Openwashing