UCLA notifies 800,000 of personal data hack

Powered by SC Magazine
 

The University of California, Los Angeles alerted 800,000 people on Tuesday that their personal information may have been compromised after discovering that hackers have been exploiting an undetected security hole in a database for more than a year.

The database contains personal information about current and former students, faculty and staff, applicants and parents of students or applicants who applied for financial aid.

UCLA discovered the breach on Nov. 21 and immediately blocked access to Social Security numbers stored in the database. It also notified the FBI, which is conducting an investigation on the incident.

"In spite of our diligence, a sophisticated hacker found and exploited a subtle vulnerability in one of hundreds of applications," said Jim Davis, UCLA's chief information officer and associate vice chancellor for information technology.

"We deeply regret the concern and inconvenience caused by this illegal activity. We have reconstructed and protected the compromised database and launched a comprehensive review of all computer security measures to accelerate systematic enhancements that were already in progress."

Some security experts weren't convinced that the university effectively tried to prevent the hack.

"This is another example of the silent epidemic we are seeing right now," J.J. Schoch, director of marketing at Panda Software Labs told SC Magazine. "Viruses used to be very noisy, but now it is all about organised crime looking to make money very quietly. This illustrates the need for strong intrusion prevention - it is not whether you are attacked by malicious code, but whether there is malicious behavior happening. A good security solution could probably have notified them almost immediately that something was going on."

UCLA Acting Chancellor Norman Abrams informed affected individuals that the hacker accessed personal information of some of those in the database, but the university has no evidence that any data has been misused.

"We take our responsibility to safeguard personal information very seriously," Abrams said. "My primary concern is to make sure this does not happen again and to provide to the people whose data is stored in the database important information on how to minimise the risk of potential identity theft and fraud."


Click here to email Ericka Chickowski.


 
 
 
Top Stories
Government exploit vendor hacked, client data exposed
Update: Australian agencies potentially compromised.
 
Australia's digital crescendo
Barely unpacked from his move from Amsterdam, Southern Cross Austereo's new digital boss Vijay Solanki is looking for Australia's untapped potential.
 
Turnbull nabs UK govt digital guru as DTO chief
Inaugural CEO to lead change agenda.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Is site blocking effective in stopping piracy?


   |   View results
Yes
  2%
 
No
  86%
 
Somewhat
  12%
TOTAL VOTES: 862

Vote