A hacker has infiltrated a University of California, Los Angeles database containing the personal information on 800,000 people, the school said on Tuesday, in one of the worst computer breaches ever at a U.S. university.

The hacker, who was seeking social security numbers, exploited a software flaw to crack the massive database, UCLA said in notices sent to all 800,000 potential victims, most of them current or former students and faculty members.

“My primary concern is to make sure this doesn’t happen again and to provide to the people whose data is stored in the database important information on how to minimize the risk of potential identity theft and fraud,” UCLA Acting Chancellor Norman Abrams said in a written release.

“We take our responsibility to safeguard personal information very seriously,” Abrams said.

Right. You’re doing a wonderful job.

The database contained names, social security numbers, dates of birth, home addresses and contact information that could be used by identity thieves. It is normally restricted to those whose jobs require them to have access.

Both the university and FBI were investigating the hacker, who first began trying to access the school’s computer systems more than a year ago, but declined to say whether a suspect had been identified.

“When UCLA discovered this activity on November 21, 2006, computer security staff immediately blocked all access to Social Security numbers and began an emergency investigation,” Abrams said in the letter.

They’ve known this dude was trying for a year — the info was stolen last month. Does anyone notice a trend here?



  1. TomAss says:

    Just more proof, if we needed it, that SSNs should not be used by every organization as a handy identifier. These personal info faux-pas have gotten just about as common as the MS 0day exploit.

  2. edwinrogers says:

    I can’t speak for the UCLA on this one, but state universities all over the world are finding it tough recruiting and keeping skilled IT security staff. Training sys admins or engineers in IT security effectively doubles their personal worth, which they soon discover and move on. Naturally, they are then reluctant to train anyone else as a consequence. Discovering the exploit and finding it splashed in newspapers across the world is ruining Christmas for a lot of under-resourced, over-worked and under-paid career IT people. My thoughts go to them and their families and I hope that whatever comes out of all this, that the right people are blamed for it.

  3. Matthew says:

    So does anyone have a total count of all the identities/information that has been compromised? There was the credit card company, the VA, numerous universities; surely the number is in the multi millions.

  4. Curt Fields says:

    MY ss card says “not to be used for identification”. Yes I’m that old. Does anybody know what lying politician changed this?

  5. Jägermeister says:

    Perhaps the UCLA storm troopers can taser Chancellor Abrams in order to get him to hire better IT personnel?

  6. Hack-o-matic says:

    This is beautiful.

    FYI, folks: Every Executive staff member in America is directly at the root of this problem. Strange to say? NO, and here’s why:

    People who don’t understand I.T. can’t place value on it. Thus, they underfund I.T. departments all across the USA. It goes from one of the largest companies in the world (Microsoft, opening doors for h4xm3n since 1981!) to non-profits (the YMCA, speaking from experience).

    That’s all there is to it. Pretty much anybody born before about 1966 is virtually worthless in the world of I.T. management (no offense, cranky guys).

    I love the quote: “My primary concern is to make sure this doesn’t happen again…”

    It doesn’t have to, the data’s already available for download somewhere… HAH!

  7. George of the city says:

    It is actually illegal to ask you for your ss#. That being said though most companies will not cash a check or allow you to get a loan without giving it up.

  8. venom monger says:

    Pretty much anybody born before about 1966 is virtually worthless in the world of I.T. management (no offense, cranky guys).

    None taken.

    But I don’t understand your logic. Maybe you’re confusing conceit with ability.

  9. F. says:

    #6: the best IT boss I’ve ever had was born before 1966! He had a tremendous technical knowledge, was incredibly smart, had a great sense of humour and was fair. (He was from 1955 if I remember correctly)

    He’s a CTO nowadays.

    Just one of his stories was that he walked into the data center where 2 technicians were battling for a couple of hours with an Exchange server that was getting all sorts of weird error messages and they tried to do everything to get it back up checking MS Knowledge Base articles…

    In a phone call to me he told me “these youngsters” actually forgot to check whether the server had run out of disk space.

    [Grin]

