FAQ – Information Security Incident #2005-07-01
The IT Security Office at California State University
Dominguez Hills has compiled this list of frequently asked questions to assist
users with inquiries into the 2005-07-01 computer security incident. This
document will provide factual information to people affected by the incident.
- I have reviewed the web site incident details and I
still have questions. Who can I contact?
Answer: For additional assistance, call 310-243-2305
and leave a message, or fill out the inquiry form on the CSUDH web site
- I received a notification in the mail about a
computer compromised in an office at CSUDH. Does that mean that someone got
my personal information?
Answer: We know the attacker(s) used the computers to
run Internet Relay Chat (ro)bots designed to mask their real IP number
and/or share files. At this time, there is no evidence that suggests any
data/information theft occurred. However, since the perpetrator(s) had full
remote control, nothing indicates otherwise either.
- Does that mean that someone could have looked at or
changed my class schedule or transcript information?
Answer: The main student records and registration
database was not on the computer that was hacked, so the intruders
did not have access to transcripts or class schedule information.
- What can I do to protect myself if the attackers
did copy my information?
Answer: Visit the
State of California Department of Consumer Affairs Office of Privacy
Protection for helpful information about protecting your identity.
- How did this attack occur?
Answer: Based on a preliminary analysis the computers
were compromised by means of various trojans/backdoors obtained from
infected email messages, malicious web sites, and/or spyware. The intruder(s)
used these to gain illegal entry and install remote control software he/she
could then use to run unauthorized applications such as the BNC (ro)bots.
- Is my information still at risk from another
Answer: Computer security is a high priority on our
campus. We have taken several preventative measures to increase security and
will continue to do so in order to keep pace with any new threats that
emerge in the future.
- Does obtaining a credit report affect my credit
Answer: According to the Experian web site, personal inquiries do not affect a person’s credit
- Will the University pay the fee for me to receive a
credit report if I decide to purchase one?
Answer: Thanks to federal law that went into effect on
December 1, 2004, Californians and residents of other western states can get
one free credit report a year from each of the three national credit
Trans Union. Call 310-243-2305 for assistance/questions with credit
reports and leave a message, or fill out the form at
- Do I need to obtain a credit report from all three
agencies or is querying one sufficient?
Answer: Please visit the web sites for each of the
three national credit bureaus:
Trans Union, to obtain an answer to this question, or call 310-243-2305
for information about setting credit file alerts and getting reports from
all three bureaus.
- If I see something suspicious on my credit report,
Social Security report, or credit card or banking statements, who should I
contact to investigate the activity?
Answer: The California Attorney General’s Office web
site has some helpful hints on what to do if you suspect identity theft.
The State of California Department
of Consumer Affairs Office of Privacy Protection also has various tips for
assisting in this process. Visit their site regarding identity theft at