[Dataloss] Man charged with accessing USC student data
lyger
lyger at attrition.org
Fri Apr 21 09:36:35 EDT 2006
http://www.securityfocus.com/brief/191
Posted by: Robert Lemos
Federal prosecutors charged a San Diego-based computer expert on Thursday
with breaching the security of a database server at the University of
Southern California last June and accessing confidential student data.
A statement from the U.S. Attorney for the Central District of California
names 25-year-old Eric McCarty as the person who contacted SecurityFocus
last June with news of a flaw in the Web server and database system used
to accept online applications from prospective students. SecurityFocus
notified the University of Southern California of the vulnerability and
worked with the university to close the flaw before publishing an article
about the issue.
The flaw could have allowed an attacker to send commands to the database
that powered the site by using the user name and password text boxes.
USC's Information Services Division confirmed the problem and shuttered
the site, which contained data on nearly 280,000 applicants, on June 20 as
a precaution. The university believes, and the prosecutors allege, that
only a handful of records were actually accessed.
[...]
More information about the Dataloss
mailing list