[Dataloss] Major breach of UCLA's computer files

George Toft george at myitaz.com
Wed Jan 24 01:49:32 EST 2007 

They made the CNN top 101 list (101 Dumbest Moments in Business)
http://money.cnn.com/galleries/2007/biz2/0701/gallery.101dumbest_2007/96.html

Highlight is that they estimate a $10M price tag to notify the affected 
individuals.

George Toft, CISSP, MSIS


Dissent wrote:
> http://www.latimes.com/news/local/la-me-ucla12dec12,0,7111141.story?coll=la-home-headlines
> 
> In what appears to be one of the largest computer security breaches
> ever at an American university, one or more hackers have gained access
> to a UCLA database containing personal information on about 800,000 of
> the university's current and former students, faculty and staff
> members, among others.
> 
> UCLA officials said the attack on a central campus database exposed
> records containing the names, Social Security numbers and birth dates
> — the key elements of identity theft — for at least some of those
> affected. The attempts to break into the database began in October of
> 2005 and ended Nov. 21, when the suspicious activity was detected and
> blocked, the officials said.
> 
> In a letter scheduled to be sent today to potential victims of the
> breach, acting Chancellor Norman Abrams said that although some Social
> Security numbers were obtained by the hackers, the university had no
> evidence that any of the information had been misused.
> 
> [...]
> 
> At UCLA, officials said Monday that the targeted database included
> records for the university's current and former students, faculty and
> staff, in some cases dating to the early 1990s. Others potentially
> affected included some applicants during the last five years who did
> not enroll at the university, as well as some parents of students or
> applicants who had applied for financial aid.
> 
> About 3,200 of those being notified are current or former staff and
> faculty of UC Merced and current or former staff of UC's Oakland
> headquarters. UCLA handles administrative processing for both groups.
> 
> Besides names, Social Security numbers and birth dates of those
> affected, the database includes home addresses and contact
> information, officials said. It does not contain driver's license
> numbers or credit card or banking information.
> 
> [...]
> 
>

More information about the Dataloss mailing list