University Hack Places 380,000 At Risk For ID Theft

May 7, 2004

By George V. Hulme, Information Week

The University of California, San Diego, has put roughly 380,000 people, including students, alumni, applicants, and employees on notice that they're at risk for identity theft stemming from a hacker break-in that was discovered last month.

A California state law requires any organization that suffers a security breach involving certain types of financial account information inform those affected within a reasonable time frame.

According to a statement published Thursday, the breach was discovered during the weekend of April 16, when IT administrators discovered two systems had been compromised by "unauthorized intruders via the Internet." Further examination of the breach revealed that two additional systems also had been compromised.

The comprised systems were managed by the UCSD Business and Financial Services Department, the statement said, and affected 178,000 current and former students, 2,400 current and former faculty members, and 1,400 current and former staff members, as well as 198,000 applicants who didn't enroll at the university.

The university said that following a forensics examination, there was no evidence that the actual personal data residing on the systems was accessed. Also, no signs of identity theft have been reported to the university stemming from the attack.

The intruder had been using university disk space to store digital DVD movies.

"Our main concern at this point is to inform people whose private information has been exposed by this illegal intrusion, provide them guidance on what steps they can take to protect themselves from potential identity theft, and also to assure them that we have taken strong and immediate steps to bolster our defenses against any future attacks," university controller Don Larson said in the statement.

The university has established a Web site for those affected by the breach.

main page ATTRITION feedback