UCSD breach leaves 3,500 exposed

January 18, 2005

By Eleanor Yang, Union-Tribune Staff Writer


A hacker breached the security of two University of California San Diego computers that stored the Social Security numbers and names of about 3,500 students and alumni of UCSD Extension.

The breach, which left the personal information exposed for as long as a couple of days, is the third such incident at UCSD in the past year.

University officials said yesterday that there is no evidence of identity theft. An investigation showed the hacker was using the servers to store music and movies, UCSD spokeswoman Dolores Davies said.

"This one was a real low-level breach," Davies said. "The exposure time was real short. Still, it's something we take seriously."

UCSD Extension provides a range of continuing-education and certificate programs. Those people affected had completed work on a UCSD Extension certificate within the past five years.

The breach was discovered in mid-November, and those who were affected were mailed notification letters the first week of January. Under state law, companies and state agencies are required to contact those whose computerized personal information, including Social Security numbers, has been compromised.

The notification letter recommends that recipients get a copy of their credit report and place fraud alerts on their credit files to avoid identity theft.

Officials said it took two months to notify those who were affected because officials first needed to determine the extent of the breach.

While most of the university has phased out using Social Security numbers for identification purposes, those stored on the server were among the last used for that reason, UCSD officials said.

Last spring, hackers breached security at the San Diego Supercomputer Center and the university's Business and Financial Services Department. In the larger of the two security breaches, four computers storing Social Security and driver license numbers for 380,000 UCSD students, alumni, faculty, employees and applicants were targeted. University officials said they don't know of any problems with identity theft following that incident.

For those with questions about the UCSD Extension breach, the university has set up a hotline: (858) 534-0427.

main page ATTRITION feedback