A University of Maine computer server has been breached by hackers, potentially exposing personal information of individuals who made purchases through campus-based computer stores at UMaine and the University of Arkansas. According to UMaine officials, as many as 435 credit card numbers and 1,175 Social Security numbers could have been exposed, though an investigation is still ongoing.
The compromised server supported only online sales of campus computer stores, and it is still unclear whether any of the data was compromised by the hackers, according to a UMaine press release. The University of Arkansas in 2007 has been using a web-based supply chain system called Buyers Search Assistant, which UMaine developed in 1999. No other UMaine computer systems containing other student or university data were affected.
Up to 1,007 online-only transaction records from the University of Arkansas were on the server. Arkansas officials first learned of the security breach April 27 through a story posted online by a hacker activist group. UMaine officials took the server offline and notified local, state and federal agencies when they learned of the hack. Agencies began retrieving data from the server hard drives on May 2 for forensic analysis.
Affected customers will be contacted via letter.
The University of Maine also experienced a computer security breach in 2010, when hackers allegedly accessed personal data of an estimated 4,585 students from the campus Counseling Center. Forensic analysis ultimately revealed that no personal data was uploaded or shared.