Breach at UCLA exposes data on 800,000 - Network World

Skip Links

DNSstuff.com
Get information about your IP
IP Information
50+ On-demand DNS and network tools

Security

Videos

rssRss Feed
Get instant email notification when white papers, webcasts, executive guides are added to our library.  Stay informed and up-to-date with the latest on IT Technologies with Network World's Resource Alerts.
Audio

BitTorrent blocking; SQL injection attack. Listen now!

Network World 360

Hacker writes Cisco rootkit; Microsoft launches online telescope. Listen now!

Network World 360

Additional Resources

RSS

FEATURED WHITEPAPERS

Endpoint Security: Data Protection for IT, Freedom for Laptop Users Absolute Software

The movement towards laptop computers has fueled an unprecedented number of data breaches. For IT and Information Security, encryption and training has proven ineffective against careless users and insider threats. This paper discusses these limitations and explains how endpoint security allows remote deletion of sensitive data, tracking of computers outside the network and the physical recovery of missing computers. Learn how you can ensure mobile data protection regardless of end-user interference.

RSS

FEATURED REPORTS

Executive Guide: Storage Heats Up HP

Get the latest on storage technologies that allow IT professionals to better cope with new IT demands. Learn how storage technologies can help you successfully tackle e-Discover, regulatory compliance, green data center initiatives and the data explosion. Get all the details now.

RSS

FEATURED WEBCASTS

Learn how to Create a More Efficient Virtualized Data Center Novell

Find out how you can consolidate Windows workloads and create a more efficient virtualized data center in this informative webcast, "Reduce Complexity and Cost - Windows Server Consolidation with Virtualization." Six concise webcast modules are available for your viewing. Watch them all consecutively or only the topics that interest you. The modules cover performance, user case studies, enterprise-level support, managing windows workloads, setup and configuration and the future of virtualization. Learn more today. Register below to learn more and be entered to win an Archos 605 Portable Media Player.

IT Buyer's Guides

View All Buyer's Guides

Free Newsletters

Sign up and receive the latest news, reviews and trends on your favorite technology topics

Save The Date!
What They Are Saying

This is a good, basic, common sense article - thank you. Time to time it is forgotten that no system...- tuomoks

Join the Discussion

Breach at UCLA exposes data on 800,000

By Jaikumar Vijayan , Computerworld , 12/12/2006
  • Social Web 
  • Email 
  • Feedback 
  • Close

The University of California, Los Angeles, Tuesday began sending out letters to more than 800,000 individuals whose personal information may have been compromised in a database breach that remained undetected for more than a year.

A statement posted on the university's Web site said that intruders appear to have taken advantage of a previously "undetected software flaw" in one of its "hundreds" of software applications to gain access to the restricted database. Attempts to access the database have apparently been going on since October 2005, according to the statement.

The breach was discovered on Nov. 21 this year, when the university's computer security technicians noticed an "exceptionally high volume of suspicious database queries," the statement read. "An emergency investigation indicated that access attempts had been made since October 2005 and that the hacker specifically sought Social Security numbers," said Jim Davis, the university's CIO and associate vice chancellor of IT, in the statement. The FBI was notified of the breach.

The breached database includes the names, Social Security numbers, dates of birth and addresses of current and former faculty, staff and students and, in some cases, the parents of students at the university.

"We deeply regret the concern and inconvenience caused by this illegal activity," Davis was quoted as saying. He added that the university has since "reconstructed and protected" the breached database. He did not specify what measures the university has taken to mitigate the problem.

Although the hacker may have obtained personal information on some of the individuals, there is no evidence that the data has been misused, said Acting Chancellor Norman Abrams in the statement.

University officials could not be reached immediately for further comment.

That the breach remained undetected for more than a year is troubling but not entirely surprising, especially in a university environment, said Andrew Jaquith, an analyst at Yankee Group Research Inc. in Boston. There is still a widely held misperception that monitoring and auditing databases for security breaches imposes a "ridiculous penalty on performance," he said. As a result, many organizations fail to keep an eye on their databases and miss breaches of the sort that happened at UCLA, he said.

1 | 2 |  Next >
Comment
Login
Forgot your account info?
Add comment
Anonymous comments subject to moderator approval. Register here for member benefits.
Have a NetworkWorld account? Log in here. Register now for a free account.
First Name
Last Name
E-mail
Zip Code