Timeline
Data Security Breach
Timeline of Events
Nov. 24, 2009
The Counseling Center database was moved to a new server housed in the University of Maine System Data Center. The old server was set to be re-commissioned as a local video server for the Counseling Center, but it still contained several copies of the legacy server, which included personal information as defined by the Maine Notice of Risk to Personal Data Act.
June 16, 2010
University of Maine Student Affairs IT was contacted by an employee at the Counseling Center who was having difficulty communicating with the legacy server. It was subsequently determined that access to this server had been turned off since April 5, 2010, as the result of an automated notification of suspicious activity on that server.
June 17, 2010
Initial notification was made to the UMS Chief Information Officer that an incident had occurred that may have resulted in unauthorized access to personal information. The UMS CIO directed that this be treated as a breach under the UMS Information Security Policy and that an investigation begin.
June 17-23, 2010
A preliminary investigation was conducted.
June 23, 2010
The Maine Attorney General’s Office received initial notification under the Maine Notice of Risk to Personal Data Security Act. The University of Maine Police Department also received initial notification.
June 25, 2010
The Maine Attorney General’s Office determined that this is a noticeable event under the Maine Notice of Risk to Personal Data Security Act.
June 29, 2010
Public announcement of the security breach.
Results of Preliminary Investigation
The preliminary investigation concluded that the server appeared to have been compromised since (at the earliest) March 4, 2010.
On or around April 2, 2010, an unauthorized program was remotely installed. The resulting activity from this program triggered an automated alert that resulted in access to the server being blocked on April 5, 2010.
An examination of the new server housing the active Counseling Center database indicated that unauthorized access was made on June 8, 9 and 10, 2010.
