UCLA notifies 800,000 of personal data hack

Powered by SC Magazine

The University of California, Los Angeles alerted 800,000 people on Tuesday that their personal information may have been compromised after discovering that hackers have been exploiting an undetected security hole in a database for more than a year.

The database contains personal information about current and former students, faculty and staff, applicants and parents of students or applicants who applied for financial aid.

UCLA discovered the breach on Nov. 21 and immediately blocked access to Social Security numbers stored in the database. It also notified the FBI, which is conducting an investigation on the incident.

"In spite of our diligence, a sophisticated hacker found and exploited a subtle vulnerability in one of hundreds of applications," said Jim Davis, UCLA's chief information officer and associate vice chancellor for information technology.

"We deeply regret the concern and inconvenience caused by this illegal activity. We have reconstructed and protected the compromised database and launched a comprehensive review of all computer security measures to accelerate systematic enhancements that were already in progress."

Some security experts weren't convinced that the university effectively tried to prevent the hack.

"This is another example of the silent epidemic we are seeing right now," J.J. Schoch, director of marketing at Panda Software Labs told SC Magazine. "Viruses used to be very noisy, but now it is all about organised crime looking to make money very quietly. This illustrates the need for strong intrusion prevention - it is not whether you are attacked by malicious code, but whether there is malicious behavior happening. A good security solution could probably have notified them almost immediately that something was going on."

UCLA Acting Chancellor Norman Abrams informed affected individuals that the hacker accessed personal information of some of those in the database, but the university has no evidence that any data has been misused.

"We take our responsibility to safeguard personal information very seriously," Abrams said. "My primary concern is to make sure this does not happen again and to provide to the people whose data is stored in the database important information on how to minimise the risk of potential identity theft and fraud."

Click here to email Ericka Chickowski.

Top Stories
The True Cost of BYOD - 2014 survey
Twelve months on from our first study, is BYOD a better proposition?
Photos: Unboxing the Magnus supercomputer
Pawsey's biggest beast slots into place.
ANZ looks to life beyond the transaction
If digital disruptors think an online payments startup could rock the big four, they’ve missed the point of why people use banks, says Patrick Maes.
Sign up to receive iTnews email bulletins
Latest Comments
What is delaying adoption of public cloud in your organisation?

   |   View results
Lock-in concerns
Application integration concerns
Security and compliance concerns
Unreliable network infrastructure
Data sovereignty concerns
Lack of stakeholder support
Protecting on-premise IT jobs
Difficulty transitioning CapEx budget into OpEx