Data Breach at UCLA Exposes Records on 800,000

A data breach at the University of California, Los Angeles (UCLA) has exposed records containing personal information—including some names, Social Security numbers and birth dates—on roughly 800,000 current and former students and faculty members, as well as a number of people who applied to the school during the past five years but never ended up attending, LATimes.com reports.

Some information on parents of students or applicants who filed for financial assistance was also compromised, according to LATimes.com.

Hackers began their attempts to crack the UCLA database in October 2005, and they were blocked on Nov. 21 when computer security representatives with the university noticed suspicious search queries on the database and realized attacks were being perpetrated, LATimes.com reports.

Acting UCLA Chancellor Norman Abrams said in a letter expected to be distributed to potentially affected parties today that the Social Security numbers of some individuals were indeed accessed, but there is currently no evidence to suggest the information has been put to illegal use, according to LATimes.com.

The UCLA breach is the most recent in a long line of data breaches over the past few years at colleges or universities, banks, government agencies and data collection firms, among others.

Jay Foley, Identity Theft Resource Center executive director, told LATimes.com that schools like UCLA are becoming common targets for hackers looking to harvest ID theft-related information.

“Universities tend to have a lot of information floating around in a lot of different places,” Foley said, according to LATimes.com. “They are places we send our children to share ideas, and it’s hard to mix the open sharing of ideas with the need to tighten down on security.”

In 2003, San Diego State’s financial aid system was breached when a hacker employed an old computer network in the school’s drama department to access information—including Social Security numbers—on some 200,000 people, LATimes.com reports.About two years later in 2005, a USC database was hacked and records on roughly 270,000 people were exposed, according to LATimes.com.

Foley and others who spoke with LATimes.com call the recent UCLA breach “among the largest at an American college or university.”

Some 29 security breaches at U.S. colleges during the first half of 2006 exposed records on approximately 845,000 people, LATimes.com reports.

A website has been launched by UCLA to provide information to potentially affected people, as well as a call center that can be reached at (877) 533-8082.

Related Links:

• When the Dike Breaks: Responding to the Inevitable Data Breach (CSO magazine content)

• Data Theft at the VA (CSOonline.com exclusive)

• FTC Launches Program for ChoicePoint Breach Victims

• The Five Most Shocking Things About the ChoicePoint Debacle (CSO magazine content)

Keep checking in at our CSO Security Feed page for updated news coverage.

-Compiled by Al Sacco