Processes that seemed to mimic malicious behavior led the University of Colorado-Boulder (CU) to disclose a possible breach, the school said this week.

“Interaction between two incompatible software programs mimicked behavior consistent with malicious software," said Dan Jones, university director of IT security, in a statement.

Officials initially had suspected as many as 9,500 individuals had their names, Social Security numbers, addresses and grades potentially exposed to hackers. But a forensic exam turned up no malicious software, and there was no exposure of student and staff private data.
So what happened?

"The functioning of the computers led us to initiate our data breach protocol, which included providing notice to the community of a potential threat of identity theft," Jones said.

Dennis Maloney, chief technology officer for the university, said, "While the data was not compromised, this incident still reinforces the need to constantly improve IT security at CU."

The scare prompted moves, such as re-scanning systems for private data, eliminating Social Security and credit card numbers from all systems, encrypting laptop computers across campus, and improving password management procedures.