UCLA notifies 800,000 of personal data hack

Powered by SC Magazine

The University of California, Los Angeles alerted 800,000 people on Tuesday that their personal information may have been compromised after discovering that hackers had been exploiting an undetected security hole in a database for more than a year.

The database contains personal information about current and former students, faculty and staff, applicants and parents of students or applicants who applied for financial aid.

UCLA discovered the breach on Nov. 21 and immediately blocked access to Social Security numbers stored in the database. It also notified the FBI, which is conducting an investigation into the incident.

"In spite of our diligence, a sophisticated hacker found and exploited a subtle vulnerability in one of hundreds of applications," said Jim Davis, UCLA's chief information officer and associate vice chancellor for information technology.

"We deeply regret the concern and inconvenience caused by this illegal activity. We have reconstructed and protected the compromised database and launched a comprehensive review of all computer security measures to accelerate systematic enhancements that were already in progress."

Some security experts weren't convinced that the university effectively tried to prevent the hack.

"This is another example of the silent epidemic we are seeing right now," J.J. Schoch, director of marketing at Panda Software Labs, told SC Magazine. "Viruses used to be very noisy, but now it is all about organised crime looking to make money very quietly. This illustrates the need for strong intrusion prevention - it is not whether you are attacked by malicious code, but whether there is malicious behavior happening. A good security solution could probably have notified them almost immediately that something was going on."

UCLA Acting Chancellor Norman Abrams informed affected individuals that the hacker accessed personal information of some of those in the database, but the university has no evidence that any data has been misused.

"We take our responsibility to safeguard personal information very seriously," Abrams said. "My primary concern is to make sure this does not happen again and to provide to the people whose data is stored in the database important information on how to minimise the risk of potential identity theft and fraud."

Click here to email Ericka Chickowski.
