Both the University of Maine and the Maine Legislature are the latest targets of computer hackers, although the two attacks are not believed to be related. Two UMaine servers and a legislative Web site have been compromised. One Web site remains off line and police are investigating. The hackers may have infected computers with viruses, and in the case of several thousand UMaine students, stolen social security numbers, birthdates and accessed other sensitive information.

Not only did hackers break into two University of Maine computer servers, but, according to University Police, information from the Orono campus's counseling center was compromised. That database includes names, social security numbers and clinical information related to mental health services accessed by students.

"This sort of crime is in every way, shape and form an insidious affront to the rightful privacy expectations of our students," says Dean of Students Robert Dana. He says the fact that a counseling center server was hacked is most likely coincidental.

"The likelihood is that they were searching for social security numbers and dates of birth, but contained within these databases were clinical information pieces that could have outlined things that happened in counseling sessions," he says.

It's unclear who hacked into the system or from where. UMaine's investigation began on June 16th, when counseling center staff reported trouble obtaining server files. So far, the investigation has revealed that a server was compromised as early as March 4th. After gaining access to that machine, the hacker infiltrated a second server.

Because of the ongoing investigation, police are not disclosing how the hacker breached security. "They were hacked remotely, and as described to me the hacking device could have been a robot computer in China that could hacked a robot computer in Israel which could have hacked a robot computer in Italy that finally got to the University of Maine."

Dana says about 4,600 students may be affected by the breach. He says anyone who used counseling center services between August 8, 2002 and June 21, 2010 is potentially at risk. The University administration is now trying to track down current addresses of those people in order to send them notification letters.

The University of Maine police department is leading the criminal investigation with the help of the United States Attorney's office and the Secret Service. UMaine Detective Sergeant William Flagg says it's unclear whether data were viewed, compromised or downloaded from either of these servers, but officials are operating according to a worst-case scenario.

"This is not going to be an investigation that's going to be measured in days or weeks," he says. "It could very well be measured in months."

UMaine has hired a company called Debix, which works with organizations when servers are breached. Debix will provide one year of identity protection services at the University's expense to anyone who was affected and wishes to have their credit monitored. Identity theft insurance will also be available.

Finally, the University has set up a Web site at umaine.edu/informationcenter. Dana says the investigation and related services will likely cost the University thousands of dollars.

On a separate but related note, the Maine Legislature has also announced that one of its Web sites has been hacked and infected with malicious software. The site, which is routinely used to look up the status of a bill, remains offline. Scott Clark, the Maine Legislature's Information Technology Director, says anyone who visited the site on Thursday could have clicked on links that would have allowed malware into their computer.

"Theoretically, it could happen to anybody, but it would depend on their level of antivirus and firewall protection on their PC," Clark says. "If it did something to their antivirus software it would have popped up a message and told them that there was an issue so they would have seen something by now."

Clark says his office noticed the problem on Friday morning. The Web site is run by a vendor and Clark says there are plans to tighten security. It's unclear when the system will be brought back online.