UCLA Hacked
An unknown hacker has infiltrated a massive University of
California, Los Angeles database with personal information on
800,000 people, the school said on Tuesday, in one of the worst
computer breaches ever at a U.S. university.
The highly sophisticated attack exploited a software flaw to
crack the computer system in a bid to obtain Social Security
numbers, UCLA said in notices sent to all 800,000 potential
victims, most of them current or former students and faculty
members.
The University had no suspects despite an emergency investigation that began shortly after the hack was discovered on November 21, said Jim Davis, UCLA associate vice chancellor of information technology. The FBI has also begun a probe.
"We definitely do not know who it is yet," Davis said. "All indications so far are that this is a malicious, targeted attack and well orchestrated. And the other thing that was unnerving to us was that it was orchestrated in such a way so that it covered its tracks."
Davis said the hacker apparently began trying to worm into the system more than a year ago but drew suspicion only after technicians investigating performance issues on the computer system noticed odd "data traffic patterns."
The database contained names, social security numbers, dates of birth, home addresses and contact information that could be used by identity thieves. It is normally restricted to UCLA staff whose jobs require them to have access.
The university said it was not aware of any instance in which the personal information had been "misused" but was notifying all 800,000 people as a precaution. Davis said the school was also reviewing its practices for storing personal information.
In addition to 38,000 current UCLA students and 25,000 faculty members, the database apparently stored personal information for many former students going back at least a decade. University spokesman Phil Hampton said the database was not used for fund-raising and that in some cases federal law required the school to maintain the information.
Computer security experts told the Los Angeles Times the sheer number of people exposed to the hacker made it one of the largest ever perpetrated against an American university.
The University had no suspects despite an emergency investigation that began shortly after the hack was discovered on November 21, said Jim Davis, UCLA associate vice chancellor of information technology. The FBI has also begun a probe.
"We definitely do not know who it is yet," Davis said. "All indications so far are that this is a malicious, targeted attack and well orchestrated. And the other thing that was unnerving to us was that it was orchestrated in such a way so that it covered its tracks."
Davis said the hacker apparently began trying to worm into the system more than a year ago but drew suspicion only after technicians investigating performance issues on the computer system noticed odd "data traffic patterns."
The database contained names, social security numbers, dates of birth, home addresses and contact information that could be used by identity thieves. It is normally restricted to UCLA staff whose jobs require them to have access.
The university said it was not aware of any instance in which the personal information had been "misused" but was notifying all 800,000 people as a precaution. Davis said the school was also reviewing its practices for storing personal information.
In addition to 38,000 current UCLA students and 25,000 faculty members, the database apparently stored personal information for many former students going back at least a decade. University spokesman Phil Hampton said the database was not used for fund-raising and that in some cases federal law required the school to maintain the information.
Computer security experts told the Los Angeles Times the sheer number of people exposed to the hacker made it one of the largest ever perpetrated against an American university.