UCLA notifies 800,000 of personal data hack

Powered by SC Magazine
 

The University of California, Los Angeles alerted 800,000 people on Tuesday that their personal information may have been compromised after discovering that hackers have been exploiting an undetected security hole in a database for more than a year.

The database contains personal information about current and former students, faculty and staff, applicants and parents of students or applicants who applied for financial aid.

UCLA discovered the breach on Nov. 21 and immediately blocked access to Social Security numbers stored in the database. It also notified the FBI, which is conducting an investigation on the incident.

"In spite of our diligence, a sophisticated hacker found and exploited a subtle vulnerability in one of hundreds of applications," said Jim Davis, UCLA's chief information officer and associate vice chancellor for information technology.

"We deeply regret the concern and inconvenience caused by this illegal activity. We have reconstructed and protected the compromised database and launched a comprehensive review of all computer security measures to accelerate systematic enhancements that were already in progress."

Some security experts weren't convinced that the university effectively tried to prevent the hack.

"This is another example of the silent epidemic we are seeing right now," J.J. Schoch, director of marketing at Panda Software Labs told SC Magazine. "Viruses used to be very noisy, but now it is all about organised crime looking to make money very quietly. This illustrates the need for strong intrusion prevention - it is not whether you are attacked by malicious code, but whether there is malicious behavior happening. A good security solution could probably have notified them almost immediately that something was going on."

UCLA Acting Chancellor Norman Abrams informed affected individuals that the hacker accessed personal information of some of those in the database, but the university has no evidence that any data has been misused.

"We take our responsibility to safeguard personal information very seriously," Abrams said. "My primary concern is to make sure this does not happen again and to provide to the people whose data is stored in the database important information on how to minimise the risk of potential identity theft and fraud."


Click here to email Ericka Chickowski.


 
 
 
Top Stories
Parliament passes law to let ASIO tap entire internet
Greens effort to limit devices fails.
 
Business-focused Windows 10 brings back the Start menu
Microsoft skips 9 for the "greatest enterprise platform ever".
 
Feeling Shellshocked?
Stay up to date with patching for the Bash bug.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Which is the most prevalent cyber attack method your organisation faces?




   |   View results
Phishing and social engineering
  65%
 
Advanced persistent threats
  5%
 
Unpatched or unsupported software vulnerabilities
  11%
 
Denial of service attacks
  6%
 
Insider threats
  12%
TOTAL VOTES: 1397

Vote