FAYETTEVILLE — The University of Arkansas said Thursday hackers breached its online store for computer hardware and software purchases, affecting as many as 1,007 of its customers.
Customers affected made online-only transactions during the past four years, the university said.
Officials said a review showed that seven customers’ complete credit card numbers were located in the breached data server run by a third-party service located in Maine. One of the customers is a unit of the university, they said.
No security codes or other sensitive authentication data were stored on the server for any customers, officials said.
Donald O. Pederson, vice chancellor for finance and administration, said the security breach affected a computer server configuration maintained at the University of Maine in Orono, which for several years provided hardware and software support for online computer sales and related transactions on behalf of several universities.
Independent reporting for Pine Bluff & Jefferson County since 1879.
Pederson said no servers at the University of Arkansas were involved or breached. The specific third-party server that was hacked was located in Maine and solely handled online transactions for the University of Arkansas and other university computer stores. The breach had no effect on in-store purchases at the University of Arkansas Computer Store, he said.
The campus store shut down its online site as soon as it became aware of the possible security breach, according to Pederson, who said the store had been in the final stages of a previously scheduled transition to a campus-based e-commerce site, which will occur as planned this month.
“At this time specialists in Maine and in Arkansas continue to conduct forensic work on the breach,” Pederson said. “Once that work is complete, we expect the number of exposed customer card numbers to be fewer — perhaps far fewer — than the 1,007 possibilities identified through the initial review.”