Personal information of approximately 800,000 present and former
UCLA students, staff and faculty was compromised after someone
hacked into a university database, in what officials say is
apparently the largest incident of its kind at a college or
university. UCLA officials said Monday that a hacker gained access
to a restricted university database that contained personal
information including Social Security numbers, addresses and
contact information. Credit card numbers, banking information and
driver’s license numbers were not included in the database, but
names and Social Security numbers are the two items needed for
identity theft. Both current and former students’ information may
have been exposed, as some records date back to the early 1990s,
though university officials said as of now they have received no
reports of information being misused. Jim Davis, associate vice
chancellor for information technology and UCLA’s chief information
officer, said in a statement that Social Security numbers seemed to
be the hacker’s target. Davis said the hacker
appeared to have used a flaw in a program to access the database,
which is one of the campus’ central databases. "In spite of our
diligence, a sophisticated hacker found and exploited a subtle
vulnerability in one of hundreds of applications,†he
said. "We have reconstructed and protected the compromised database
and launched a comprehensive review of all computer security
measures to accelerate systematic enhancements that were already in
progress.†Acting Chancellor Norman Abrams sent e-mail
notifications Tuesday to everyone affected by the breach, advising
students to monitor their financial accounts for unauthorized or
fraudulent activity. He wrote that while the university does not
know whose personal information was actually obtained by hackers,
some Social Security numbers were taken. Davis estimated that about
5 percent of the records that were accessed contained Social
Security numbers, Second-year philosophy student Lauryn Gold said
she was upset to hear that the data had been accessed. "It
definitely worries me," she said, adding that she would probably
follow the advice in the chancellor’s letter about how to monitor
and protect her accounts. According to the letter, information in
the database was accessed between October 2005 and November 2006,
when UCLA noticed the unauthorized activity and blocked access to
Social Security numbers. Abrams encouraged affected individuals to
visit a Web site UCLA has set up offering advice on how to protect
against identity theft, and said the university has also notified
the FBI, which is investigating the incident.
With reports from Bruin wire services.