Tufts warns of security breach

Alumni of Tufts University in Boston have been notified that personal information stored on a server used by the university for fundraising could have been exposed to intruders.

The university detected a possible security breach in an alumni and donor database after noticing abnormal activity on the server in October and December. The server was managed by a third-party vendor, according to a statement on Tufts' Web site. The incident is almost identical to a breach in March on a fundraising system used by Boston College and follows reports of other information theft incidents in recent months at California State University, Chico, and the University of California, Berkeley.

As a precaution, Tufts sent a letter on April 7 to 106,000 alumni and donors who could be affected by the breach. Tufts does not have any evidence that the information stored in the database was retrieved or misused, said Betsey Jay, director of advancement, communications and donor relations at Tufts.

The system in question belongs to the university but was running software from and being managed by RuffaloCODY, a software company in Cedar Rapids, Iowa, that assists nonprofit organizations with fundraising, membership and enrollment. The server was being used to support the university's Advancement telefund operation, in which students are paid to call alumni and other donors to solicit gifts for the university, Jay said.

Tufts detected a high volume of unusual behavior on the system that indicated it might have been used as a distribution point in a file-sharing network. However, university IT staff were not able to confirm that any sensitive files were copied or that there was misuse of information on the system, Jay said.

Tufts did not initially disclose the security breach but was prompted to do so after coverage of other recent security breaches, Jay said. "We started to realize that what we had seen wasn't confirmation of misuse but that we should give donors and alums the information [about the breach] as a precaution," she said.

In its letter, Tufts recommended that recipients notify their bank, ask credit bureaus to issue fraud alerts and check for any unusual activity in their name. The university also set up a toll-free support line to assist individuals whose information may have been compromised.

In March, Boston College notified 120,000 alumni that their Social Security numbers and other personal information might have been compromised. As with the incident at Tufts, that notice followed the discovery of a security breach on a third-party server that the university was using for fundraising.

BC is also a RuffaloCODY customer, according to information on RuffaloCODY's Web site. Both Tufts and BC are listed as customers of the company's CampusCall product, which is described as a phonathon automation tool. Other universities in Boston use the product as well, including MIT, Northeastern University and Harvard University Law School. However, Tufts and BC are both listed as managed sites while the other schools are not.

Calls to RuffaloCODY were not immediately returned.

The University of Massachusetts campus at Lowell is listed as a RuffaloCODY managed site as well, according to the company's Web page.

Jim Packard, an IT security specialist at UMass Lowell, said he has seen signs on campus that mentioned RuffaloCODY, but he wasn't sure whether the company operates a managed server on the campus. Calls to the UMass Lowell alumni office were not immediately returned.
