A criminal investigation into the apparent hacking and misuse of computerized veterinary medical school admissions records has been launched by the University of California, Davis, Police Department, in cooperation with the Sacramento Valley High Tech Crimes Task Force.
On June 15, the university determined that its computer-security safeguards had been breached and someone had gained access to the personal information of an estimated 1,120 applicants to the School of Veterinary Medicine for the 2007-2008 school year, including 131 accepted students. The hacker had accessed information including the applicants' names, birth dates and, in most cases, Social Security numbers.
The security breach became apparent when applicants who had recently been admitted to the School of Veterinary Medicine attempted to set up campus computer accounts and were notified that accounts had already been established in their names. Further investigation revealed that the records of 375 veterinary medical school applicants for the 2004-2005 school year -- seven of them admitted students -- also might have been illegally accessed.
"We are working with law enforcement officials to determine how the campus computer-security system was penetrated and to track those who are responsible," said Dean Bennie Osburn of the School of Veterinary Medicine. "We deeply regret this breach of security and are notifying the affected individuals to help them identify and protect against any unlawful use of their personal information.
"The campus is committed to maintaining the privacy of the students' and applicants' personal information and will continue to implement additional measures to enhance the security of sensitive information," Osburn added.
On June 27, Osburn sent e-mails and letters to the applicants and students whose information had been accessed, warning them to be especially alert for signs of misuse of their personal identity. Those individuals also were advised to contact law enforcement, their financial agency and the major credit bureaus to place a fraud alert on their accounts and periodically run credit reports to ensure that financial accounts have not been activated without their knowledge.
In his e-mails and letters, Osburn announced that UC Davis, at its own expense, will make available a one-year credit monitoring service for those affected by the incident. This service would alert individuals to suspicious credit report activity.
The dean also advised the individuals that additional information related to identity theft could be obtained from the Federal Trade Commission, the Social Security administrations' fraud line and the Identify Theft Victim Web site.
"We also are recommending that the applicants who have been admitted to UC Davis immediately change their campus computer passwords and establish validation questions as safeguards for their accounts," said Osburn. "These verification questions will prevent an unauthorized party from using their identity information to make password changes for private campus computing accounts."
While there have been other confirmed instances of unauthorized access to university computer systems, campus administrators believe this is the first time they have found evidence that such information was actually used for fraudulent purposes.
Leading the current criminal investigation is UC Davis Police Detective Michael Green, who is a member of the Sacramento Valley High Tech Crimes Task Force. The task force conducts investigations that involve multiple law-enforcement jurisdictions, including cases related to high technology fraud and identity theft.