Hacker exploits UCLA database

University staff notified over 800,000 potential victims after the discovery of the breach on Nov. 21.

A hacker exploited a University of California, Los Angeles database containing the personal information of former students, faculty and staff, according to a statement issued by the university Tuesday. About 800,000 potential victims were notified.

Security staff made the discovery on Nov. 21. The university said an attacker exploited an undetected software flaw in the restricted database over a period of one year, between October 2005 and November 2006. The database contained names, Social Security numbers, dates of birth, home addresses and other contact information, the university said.

Data breach:
Survey: Data breach costs surge

AT&T breach affects 19,000 customers

Complying with breach notification laws

Be afraid of the catastrophic data breach

Breach prevention: Adding security to the purchasing process

When access management becomes rocket science

"UCLA is notifying all of those individuals in the database, even though a continuing investigation indicates that the computer trespasser sought and obtained only some of the information," according to a statement issued by the university in an alert posted on its Web site. "There is no evidence to suggest that personal information has been misused."

When the discovery was made, security staff immediately blocked access to Social Security numbers and began an investigation, said Norman Abrams, the university's acting chancellor, in a letter sent to potential victims. Abrams said the university also notified the FBI, which is conducting its own investigation.

"While the university currently utilizes sophisticated information security measures to protect this database, several measures that were already underway, have been accelerated," Abrams said.

Data breaches have been making headlines in 2006. According to a list posted by the watchdog group, Privacy Rights Clearing House, dozens of breaches have taken place in recent months. While, the UCLA breach was one of the largest involving a U.S. higher education institution, businesses have been grappling with data protection and notification of breaches.

In August, AT&T notified about 19,000 customers that their personal data was compromised after digital miscreants hacked one of its computer systems and gained access to credit card information and other personal data. In late 2005, a timeshare unit of Marriott International Inc. notified over 200,000 customers that a data on backup tapes were stolen.

Dig deeper on Identity Theft and Data Security Breaches

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close