Skip Navigation
 Text Only | Home | A-Z Directory | MaineStreet | Campus Map | Calendar
Information Center
Give Now | Apply to UMaine | Parents & Family   Emergency

FAQ

What kind of information was on the servers?

The servers contained information associated with the UMaine Counseling Center. That information included names, social security numbers and clinical information.

How will UMaine and the University of Maine System modify policies and practices to improve security?

The University of Maine System implemented an Administrative Practice Letter addressing Information Security (PDF) on June 29, 2009, in response to the enactment of the Maine Notice of Risk to Personal Data Act (PDF).  An internal review will be conducted to determine if this new policy and standard procedures were followed.  Recommendations for updating the policy resulting from this review will be made promptly.

The University of Maine System will also engage outside assistance to perform an assessment of the vulnerability of our information technology infrastructure and determine what steps may be needed to improve security.

How many servers were compromised and when?

A server that contained student data covering 2002-2005 was hacked on or about March 4, 2010. A second server, which contained all the data in the first server plus information from 2005-present, was subsequently compromised.

What steps is UMaine taking to notify and assist those whose data may have been compromised?

UMaine will send letters to each person who may have been affected, describing the situation and services those people may access. It has engaged the Debix Identity Protection Network, a national company that has assisted other universities in similar situations. Debix will provide affected students and former students with at least 12 months of identity protection at no cost. Specific services include credit monitoring, credit alerts and identity theft insurance.

Those letters, which will be mailed at the beginning of July, are customized to each recipient. They will include specific information about how the victim can access identity protection services.

Has clinical information been shared with anybody, either for purposes of investigation or the university’s response?

Clinical records have not been shared with anyone outside of the University of Maine Counseling Center. Any questions pertaining to confidential information should be directed to the Counseling Center at (207) 581-1392.

What law enforcement resources are involved in the investigation?

The University of Maine police department is leading the investigation, which includes consultation and support from the U.S. Attorney’s office and computer crimes experts from the U.S. Secret Service.

Why are college and university servers so often targeted by hackers?

At least five U.S. college and university servers and/or computers have been compromised during June 2010 alone. Hackers target universities because they have significant numbers of powerful servers and because they are connected to large-bandwith systems, providing greater opportunity to download data and/or employ methods that require significant bandwith.

 
Information Center Home
FAQ
Resources for those potentially affected
Who might be affected?
UMaine news release
Statement from Vice President Dana
Law enforcement response
Timeline
Directive from Chancellor Pattenaude

Go Blue!
The University of Maine
Orono, Maine 04469
207-581-1865