Complain about a product or service

Massive Data Breach At UCLA Endangers 800,000

By Martin H. Bosworth
ConsumerAffairs.com

December 12, 2006

Data Theft • 68,000 CalOptima Members at Risk in Data Breach • Express Scripts Extortion Scheme Widens • Technology Could Be Key To Stopping Unauthorized Charges • T-Mobile: No Hacking in Data Breach • T-Mobile Confirms Data Breach • Consumers Increasingly Concerned About Online Transactions • Are Identity Theft Services Worth the Cost? • Online Tools Help Spot Financial Fraud • Financial Fraud Hits 7.5 Percent Of Americans In 2008 • Feds Charge Mortgage Broker In Potential Data Breach • Millions of Credit Cards Exposed in Data Breach • 2008 Data Breach Total Soars • Bank Data Breach Threatens 248,000 in North Carolina • GPS Not Foolproof • Countrywide Warns Millions of Data Breach • Thieves Steal AT&T Laptop with Employee Data • Report: Data Breach Disclosure Laws Don't Affect Identity Theft • Patient Information Exposed in Data Breach at Walter Reed • Supermarket Chain Reports Data Breach • Report: Feds Still Not Doing Enough To Secure Data • Data Thieves Hit Georgetown University Students, Faculty • 800,000 Job Seekers At Risk In Gap Data Breach • TJX Data Breach Settlement Has Strings Attached • More ...

Hackers have gained access to databases at the University of California-Los Angeles (UCLA), making off with the personal information of 800,000 current and former students, employees, and faculty.

The data breach is thought to be the largest of its kind at an American college or university.

The breach first occurred in October 2005 but was not detected until November 2006, when it was blocked, according to a statement by UCLA's acting chancellor Norman Abrams.

The stolen information varies in content, but in many cases includes names, addresses, dates of birth, and Social Security numbers.

Despite the extraordinary duration of the hacker intrusion and the amount of information stolen, Abrams insisted there was no indication that the information had been used for identity theft or fraud as of yet.

He did not say why, in his opinion, hackers would steal the data if they did not intend to use it.

The hackers' attack involved targeting a single specific database using techniques to target Social Security numbers in particular, said UCLA's chief information officer Jim Davis.

The database even contained information on applicants who did not attend UCLA as well as parents of applicants seeking financial aid, going back as far as a decade.

Davis did not explain why the university had so much information and held it for so long.

Universities are increasingly prime targets for data thieves due to the huge amounts of information they amass on their students, often collected and organized by Social Security number.

College students also represent attractive targets for credit card fraud, since they have relatively unblemished credit histories and are swamped with solicitations for credit from the moment they step on campus.

Ohio University formerly held the dubious honor of being "Data Breach Central" after a breach at one of its health centers was revealed to be the latest in a series of intrusions that exposed the personal information of hundreds of thousands of students, faculty, and employees.

The breaches led to the firings of two administrators in Ohio University's IT department, who contested the moves and blamed the university management for failing to implement security procedures they devised to prevent such breaches.

Not long after the Ohio University breach, Sacred Heart University, in Fairfield, Connecticut, was hit with a hack attack. Like UCLA, Sacred Heart had been collecting data on applicants as well as attendees, and even students who filled out information at job fairs and exam testing services.

Last year, San Diego resident Eric McCarty exploited a vulnerability in the University of Southern California's (USC) online application site to gain access to the applicant database. McCarty, a former network administrator, used his expertise to circumvent the database's password protection and copy an undisclosed number of students' Social Security numbers.

McCarty was later arrested and pleaded guilty to a felony charge of unauthorized computer access.

Report Your Experience
If you've had a bad experience -- or a good one -- with a consumer product or service, we'd like to hear about it. All complaints are reviewed by class action attorneys and are considered for publication on our site. Knowledge is power! Help spread the word. File your consumer report now.

Follow us on Twitter.

Back to the top |