Tufts warns of security breach

Alumni of Tufts University in Boston have been notified that personal information stored on a server used by the university for fundraising could have been exposed to intruders.

The university detected a possible security breach in an alumni and donor database after noticing abnormal activity on the server in October and December. The server was managed by a third-party vendor, according to a statement on Tufts' Web site. The incident is almost identical to a breach in March on a fundraising system used by Boston College and follows reports of other information theft incidents in recent months at California State University, Chico, and the University of California, Berkeley.

As a precaution, Tufts sent a letter on April 7 to 106,000 alumni and donors who could be affected by the breach. The university did not have any evidence that the information stored in the database was retrieved or misused, said Betsey Jay, director of advancement, communications and donor relations at Tufts.

The system in question belongs to the university but was running software from and being managed by RuffaloCODY, a software company in Cedar Rapids, Iowa, that assists nonprofit organizations with fundraising, membership and enrollment. The server was being used to support the university's Advancement telefund operation, in which students are paid to call alumni and other donors to solicit gifts for the university, Jay said.

Tufts detected a high volume of unusual behavior on the system that indicated it might have been used as a distribution point in a file-sharing network. However, university IT staff were not able to confirm that any sensitive files were copied or that there was misuse of information on the system, Jay said.

Tufts did not initially disclose the security breach but was prompted to do so after coverage of other recent security breaches, Jay said. "We started to realize that what we had seen wasn't confirmation of misuse but that we should give donors and alums the information [about the breach] as a precaution," she said.

In its letter, Tufts recommended that recipients notify their bank, ask credit bureaus to issue fraud alerts and check for any unusual activity in their name. The university also set up a toll-free support line to assist individuals whose information may have been compromised.

In March, Boston College notified 120,000 alumni that their Social Security numbers and other personal information might have been compromised. As with the incident at Tufts, that notice followed the discovery of a security breach on a third-party server that the university was using for fundraising.

BC is also a RuffaloCODY customer, according to information on RuffaloCODY's Web site. Both Tufts and BC are listed as customers of the company's CampusCall product, which is described as a phonathon automation tool. Other universities in Boston use the product as well, including MIT, Northeastern University and Harvard University Law School. However, Tufts and BC are both listed as managed sites while the other schools are not.

Calls to RuffaloCODY were not immediately returned.

The University of Massachusetts campus at Lowell is listed as a RuffaloCODY managed site as well, according to the company's Web page.

Jim Packard, an IT security specialist at UMass Lowell, said he has seen signs on campus that mentioned RuffaloCODY, but he wasn't sure whether the company operates a managed server on the campus. Calls to the UMass Lowell alumni office were not immediately returned.
