 Back To News Article List |
 |
| UCLA warns 800,000 of computer break-in |
Industry News |
Thu 12/14/2006 9:45 am |
|
It was one of the largest such breaches involving a U.S. higher education institution.
The attacks on the database began in October 2005 and ended Nov. 21 of this year, when computer security technicians noticed suspicious database queries, according to a statement posted on a school Web site set up to answer questions about the theft.
Acting Chancellor Norman Abrams said in a letter posted on the site that while the database includes Social Security numbers, home addresses and birth dates, there was no evidence any data have been misused.
The letter suggests, however, that recipients contact credit reporting agencies and take steps to minimize the risk of potential identity theft. The database does not include driver’s license numbers or credit card or banking information.
“We have a responsibility to safeguard personal information, an obligation that we take very seriously,” Abrams wrote. “I deeply regret any concern or inconvenience this incident may cause you.”
School representatives did not return calls for additional comment.
The breach is among the latest involving universities, financial institutions, private companies and government agencies. A stolen Veterans Affairs laptop contained information on 26.5 million veterans, and a hacker into the Nebraska child-support computer system may have gotten data on 300,000 people and 9,000 employers.
Security experts said the UCLA breach, in the sheer number of people affected, appeared to be among the largest at an American college or university.
“To my knowledge, it’s absolutely one of the largest,” Rodney Petersen, security task force coordinator for Educause, a nonprofit higher education association, told the Los Angeles Times.
Petersen said that in an Educause survey released in October, about a quarter of 400 colleges said that they had experienced a security incident in which confidential information was compromised during the previous 12 months, the newspaper reported.
In 2005, a database at the University of Southern California was hacked, exposing the records of 270,000 individuals.
This spring, Ohio University announced the first of what would be identified as five cases of data theft, affecting thousands of students, alumni and employees — including the president. About 173,000 Social Security numbers may have been stolen since March 2005, along with names, birth dates, medical records and home addresses.
Jim Davis, UCLA’s chief information officer, said a computer trespasser used a program designed to exploit an undetected software flaw to bypass all security measures and gain access to the restricted database that contains information on about 800,000 current and former students, faculty and staff, as well as some student applicants and parents of students or applicants who applied for financial aid.
“In spite of our diligence, a sophisticated hacker found and exploited a subtle vulnerability in one of hundreds of applications,” Davis said in the statement.
The university’s investigation so far shows only that the hacker sought and obtained some of the Social Security numbers. But out of an abundance of caution, the school said, it was contacting everyone listed in the database.
About 3,200 of those being notified are current or former staff and faculty of UC Merced and current or former employees of the University of California Office of the President, for which UCLA does administrative processing.
|
|
|
|
|
| Announcements |
|
|
Creative Breakthroughs Hires SIS Guru to Expand Their Education Vertical Focus |
Tue 3/18/2008 |
|
Sean Blenkhorn has been named to the newly-created position of Education Practice Lead for CBI’s Business Development team.
Read More... |
|
|
|
SC Magazine Gives Cyberoam CR1000i 5 Stars |
Fri 3/14/2008 |
|
The Cyberoam 1000i appliance comes fully loaded with many great features for broad gateway security...We found this device to perform very well under testing.
Read More... |
|
|
|
Juniper makes enterprise switch foray, takes aim at Cisco |
Wed 1/30/2008 |
|
Juniper leveraging heritage in carrier-class routing, consistent operating system to target enterprise Ethernet
Read More... |
|
|
|
‘Private’ messages often open secrets |
Mon 1/28/2008 |
|
Don’t send any text messages or e-mails you don’t want to see in the newspaper was a lesson Detroit Mayor Kwame Kilpatrick learned last week, and one repeated by area attorneys and business consultants.
Read More... |
|
|
|
|
|
|
