Language Selection

English French German Italian Portuguese Spanish

Tufts warns of security breach

Filed under
Security

Alumni of Tufts University in Boston have been notified that personal information stored on a server used by the university for fundraising could have been exposed to intruders.

The university detected a possible security breach in an alumni and donor database after noticing abnormal activity on the server in October and December. The server was managed by a third-party vendor, according to a statement on Tufts' Web site. The incident is almost identical to a breach in March on a fundraising system used by Boston College and follows reports of other information theft incidents in recent months at California State University, Chico, and the University of California, Berkeley.

As a precaution, Tufts sent a letter on April 7 to 106,000 alumni and donors who could be affected by the breach. Tufts said it did not have any evidence that the information stored in the database was retrieved or misused, said Betsey Jay, director of advancement, communications and donor relations at Tufts.

The system in question belongs to the university but was running software from and being managed by RuffaloCODY, a software company in Cedar Rapids, Iowa, that assists nonprofit organizations with fundraising, membership and enrollment. The server was being used to support the university's Advancement telefund operation, in which students are paid to call alumni and other donors to solicit gifts for the university, Jay said.

Tufts detected a high volume of unusual behavior on the system that indicated it might have been used as a distribution point in a file-sharing network. However, university IT staff were not able to confirm that any sensitive files were copied or that there was misuse of information on the system, Jay said.

Tufts did not initially disclose the security breach but was prompted to do so after coverage of other recent security breaches, Jay said. "We started to realize that what we had seen wasn't confirmation of misuse but that we should give donors and alums the information [about the breach] as a precaution," she said.

In its letter, Tufts recommended that recipients of the letter notify their bank and ask credit bureaus to issue fraud alerts and check for any unusual activity in their name. The university also set up a toll-free support line to assist individuals whose information may have been compromised.

In March, Boston College notified 120,000 alumni that their Social Security numbers and other personal information might have been compromised. As with the incident at Tufts, that notice followed the discovery of a security breach on a third-party server that the university was using for fundraising.

BC is also a RuffaloCODY customer, according to information on RuffaloCODY's Web site. Both Tufts and BC are listed as customers of the company's CampusCall product, which is described as a phonathon automation tool. Other universities in Boston use the product as well, including MIT, Northeastern University and Harvard University Law School. However, Tufts and BC are both listed as managed sites while the other schools are not.
Calls to RuffaloCODY were not immediately returned.

The University of Massachusetts campus at Lowell is listed as a RuffaloCODY managed site as well, according to the company's Web page.

Jim Packard, an IT security specialist at UMass Lowell, said he has seen signs on campus that mentioned RuffaloCODY, but he wasn't sure whether the company operates a managed server on the campus. Calls to the UMass Lowell alumni office were not immediately returned.

Source.

More in Tux Machines

Leftovers: Software

Leftovers: Gaming

Android Leftovers

  • Android Candy: Intercoms
    Ever since my "tiny $20 tablet" project (see my Open-Source Classroom column in the March 2015 issue), I've been looking for more and more cool things to do with cheap Android devices. Although the few obvious ones like XBMC or Plex remotes work well, I've recently found that having Android devices around the house means I can gain back an old-school ability that went out of style in the late 1980s—namely, an intercom system.
  • There's a wild prank hidden in Google Maps that insults Apple in the most childishly inappropriate way
    Rawalpindi is a vibrant Pakistani city known for its bazaars, ancient ruins, and array of religious shrines. But if you pay it a visit on Google Maps, you're going to notice something very unusual on the outskirts of the city — the Android "droid" mascot urinating on the Apple logo.
  • There's an Android bot peeing on an Apple logo on Google Maps
    Sick of all the Apple Watch news today? You're in luck, because we have something completely different for you. An image of an Android mascot, also known as an Android bot or Bugdroid, peeing on an Apple logo has been discovered on Google Maps.
  • An Android robot is peeing on an Apple logo in Google Maps
  • An Android is urinating on the Apple logo in Google Maps (update)
    Google and Apple have always had their differences, but a new Easter egg inside Google Maps has just taken their rivalry to a whole new level. As spotted by Team Android, if you head to these coordinates with the regular Map view enabled, you'll see Google's iconic Android mascot taking a leak on the Apple logo. At the moment, it's unclear who created this little piece of mischief and whether Google is taking action. But if this hidden message is any indication, it was snuck through by a member of the public using Google's Map Maker service, rather than a Google employee. Regardless, it's a crazy (and pretty hilarious) addition that's sure to rile some of the employees in Cupertino. Shots fired!
  • Sony's Android TV-powered 4K televisions are ridiculously thin
    Four models from Sony’s 2015 Android TV-powered 4K television range are now available for pre-order, with shipping to begin in May. The Japanese electronics giant unveiled its 4K TV lineup for 2015 at the Consumer Electronics Show in January, but kept pricing and release information to itself, only saying the new sets would be available sometime in the spring. Those details are finally here and the TVs themselves aren’t far off.
  • Android Wear v1.1 APK has Apple references in it, but when is iOS support coming?
    That Google is working on iOS support for Android Wear is nearly undeniable at this point, but even more evidence has surfaced in case you aren’t a believer. We peeked inside the latest Android Wear update APK to see what hidden bits were swarming about, and we came across some very interesting references.
  • 5 Things to Expect from the Nexus 5 Android 5.1.1 Release
    A few weeks ago, an Android 5.1.1 update mysteriously appeared alongside an update for Google’s Android SDK. Earlier this week, Google finally confirmed the Nexus Android 5.1.1 release with an update for its Nexus Player. With an Android 5.1.1 update now on the minds of Nexus users, particularly Nexus 5 users dealing with Android 5.0 Lollipop problems, we want to take a look at what we expect from the Nexus 5 Android 5.1 release from Google.

The Turing Phone Is Super Durable and Ultra Secure

The device also sports a 13MP/8MP camera combo, 64GB / 128GB of internal storage and runs Android 5.0 Lollipop out of the box. Read more