The breached server contained the account information of 72,000 students and staff between the time of infection in 2003 and its recent discovery, school officials said.
The computer hacking program, known as a rootkit, was installed by malicious hackers nearly two years ago, but was detected on June 20 after a university vendor noticed that an invalid logon attempt had originated from a computer within the UConn domain, according to the school.
''Results of our examination reveal no indication that any personal information was accessed or extracted,'' CIO Michael Kerntke said in a statement.https://o1.qnsr.com/log/p.gif?;n=203;c=204660766;s=9477;x=7936;f=201812281312070;u=j;z=TIMESTAMP;a=20392931;e=i An e-mail was sent to all users at UConn and the university was contacting people without e-mail accounts by mail, spokeswoman Karen Grava said.
The breach occurred on October 26, 2003, according to Kerntke, but the attack took advantage of a vulnerability in the server that was unknown at the time to the university or the vendor.
A patch has now been developed by the vendor to eliminate security breaches. Kerntke also said the personal information on the server was not easily accessible.
''We moved immediately to protect the data by taking the impacted server off line,'' he said. ''In addition, we verified that other computers that communicate with the breached server and may contain sensitive information were secured.''