Home > Security News > Hacker exploits UCLA database
Security News:
EMAIL THIS LICENSING & REPRINTS

Hacker exploits UCLA database

By Robert Westervelt, News Editor
12 Dec 2006 | SearchSecurity.com

Security Wire Daily News
Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google

A hacker exploited a University of California, Los Angeles database containing the personal information of former students, faculty and staff, according to a statement issued by the university Tuesday. About 800,000 potential victims were notified.

Security staff made the discovery on Nov. 21. The university said an attacker exploited an undetected software flaw in the restricted database over a period of one year, between October 2005 and November 2006. The database contained names, Social Security numbers, dates of birth, home addresses and other contact information, the university said.
Data breach:
Survey: Data breach costs surge

AT&T breach affects 19,000 customers

Complying with breach notification laws

Be afraid of the catastrophic data breach

Breach prevention: Adding security to the purchasing process

When access management becomes rocket science

"UCLA is notifying all of those individuals in the database, even though a continuing investigation indicates that the computer trespasser sought and obtained only some of the information," according to a statement issued by the university in an alert posted on its Web site. "There is no evidence to suggest that personal information has been misused."

When the discovery was made, security staff immediately blocked access to Social Security numbers and began an investigation, said Norman Abrams, the university's acting chancellor, in a letter sent to potential victims. Abrams said the university also notified the FBI, which is conducting its own investigation.

"While the university currently utilizes sophisticated information security measures to protect this database, several measures that were already underway, have been accelerated," Abrams said.

Data breaches have been making headlines in 2006. According to a list posted by the watchdog group, Privacy Rights Clearing House, dozens of breaches have taken place in recent months. While, the UCLA breach was one of the largest involving a U.S. higher education institution, businesses have been grappling with data protection and notification of breaches.

In August, AT&T notified about 19,000 customers that their personal data was compromised after digital miscreants hacked one of its computer systems and gained access to credit card information and other personal data. In late 2005, a timeshare unit of Marriott International Inc. notified over 200,000 customers that a data on backup tapes were stolen.

Tags: Identity Theft and Data Security BreachesDatabase SecurityVIEW ALL TAGS

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google




More Tips to Secure Your Network
Focused on Channel Security?
TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




All Rights Reserved, Copyright 2003 - 2008, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts