UCLA Admits Massive Data Hack - InformationWeek
Software // Enterprise Applications
12:59 PM

UCLA Admits Massive Data Hack

UCLA is alerting approximately 800,000 people that a hacker broke into a university database as long ago as October 2005; the intrusion wasn't detected until Nov. 21, 2006.

The University of California, Los Angeles, warned almost a million current and former students, faculty, and staff Tuesday of a data breach that may have exposed their identities to criminals.

UCLA is alerting approximately 800,000 people -- including some student applicants and their parents -- that a hacker broke into a university database as long ago as October 2005. The intrusion was not detected until Nov. 21, 2006.

"We take our responsibility to safeguard personal information very seriously," said acting chancellor Norman Abrams in a letter being sent to those affected by the breach. "My primary concern is to make sure this does not happen again and to provide to the people whose data is stored in the database important information on how to minimize the risk of potential identity theft and fraud."

The school blocked access to the database as soon as it discovered the problem. It is unknown how many identities were retrieved by the attacker, who used a zero-day vulnerability in the unspecified database software to hack into the system.

The database held Social Security numbers, dates of birth, home addresses, and other contact information, UCLA acknowledged, but did not contain bank or credit card account information.

"In spite of our diligence, a sophisticated hacker found and exploited a subtle vulnerability in one of hundreds of applications," said Jim Davis, UCLA's chief information officer, in a statement. "We deeply regret the concern and inconvenience caused by this illegal activity."

UCLA has set up a Web site and toll-free telephone number to handle queries and offer advice for those affected.

The breach, the largest ever in higher education according to records kept by the Privacy Rights Clearinghouse, is just the latest disclosure by a university that has suffered from an attack. In May, for example, Ohio University announced that 200,000 identities may have been exposed to hackers in three different break-ins during a two-week span. A month later, the school suspended two IT managers after an investigation into the breaches.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of the Cloud Report
As the use of public cloud becomes a given, IT leaders must navigate the transition and advocate for management tools or architectures that allow them to realize the benefits they seek. Download this report to explore the issues and how to best leverage the cloud moving forward.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of November 6, 2016. We'll be talking with the InformationWeek.com editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll