Complain about a product or service

Data Thieves Hit University of California-San Francisco

By Martin H. Bosworth
ConsumerAffairs.com

April 5, 2007

Data Theft • Supermarket Chain Reports Data Breach • Report: Feds Still Not Doing Enough To Secure Data • Data Thieves Hit Georgetown University Students, Faculty • 800,000 Job Seekers At Risk In Gap Data Breach • TJX Data Breach Settlement Has Strings Attached • More ...

The personal information of 46,000 students at the University of California, San Francisco (UCSF) may have been exposed in a computer security breach, according to a statement released by the university. The compromised data included names, addresses, Social Security numbers, payroll and account information.

UCSF said that a server located at the university's Office of the President in Oakland had been compromised. The university claimed that the server had been immediately taken offline and that no data appeared to have been explicitly accessed, but warnings were issued nonetheless. The university set up a Web site to answer questions about the breach and provide more information.

UCSF mailed notices to the affected individuals and urged them to order their credit reports, but the university is not providing credit monitoring, saying that "while credit bureaus offer fee-based monitoring services, it is up to individual parties to determine whether they wish to pay for such services."

The UCSF incident is the latest in a rash of data breaches and outside hacks plaguing colleges and universities.

Centers of higher learning are prime targets for hackers and cybercriminals, due to lack of spending on information security, antiquated software protection, and the huge troves of personal information collected from students during their time at school.

College students also make attractive targets for fraud because they have relatively clean credit records, and are inundated with solicitations for credit from the moment they step onto campus.

The University of California, Los Angeles (UCLA) currently holds the record for the largest breach of personal information at a university, when hackers broke into a database and made off with information on 800,000 students, faculty, employees, and even applicants. The information dated back at least ten years, while the breach itself was ongoing in October 2005 and discovered in November 2006.

Ohio University, the previous record holder, was hit with multiple data breaches over several years, leading to the exposure of information belonging to nearly 500,000 students, faculty, and employees. The university's chief information officer resigned and several employees were terminated as a result of the breach.

Johns Hopkins, the parent organization of Johns Hopkins University in Maryland and Washington, D.C., suffered a data breach in February 2007 when a contractor lost data tapes containing information on 83,000 Johns Hopkins Hospital patients and 52,000 employees. The university conducted an investigation and concluded the tapes had been destroyed.

Report Your Experience
If you've had a bad experience -- or a good one -- with a consumer product or service, we'd like to hear about it. All complaints are reviewed by class action attorneys and are considered for publication on our site. Knowledge is power! Help spread the word. File your consumer report now.

Back to the top |