Hackers Make Off With Personal Info On Applicants At UC Davis

As if being rejected from a college wasn't bad enough, about 1,000 aspiring veterinarians were informed Wednesday by the University of California Davis that a cyber intrusion uncovered earlier in the month may have compromised name, birth-date, and, in most cases, Social Security number information submitted to the school as part of the application process.

The University of California Davis Police Department and Sacramento Valley High Tech Crimes Task Force are investigating the possible theft and misuse of records containing information on about 1,120 aspiring veterinarians who'd applied to UC Davis School of Veterinary Medicine for the school year starting this fall. Only 131 of the applicants had been accepted into the program.

Law enforcement was alerted to the intrusion on June 15, after applicants admitted into the School of Veterinary Medicine attempted to set up campus computer accounts but were notified that accounts had already been established in their names. This led law enforcement to discover that the records of 375 veterinary medical school applicants for the 2004-2005 school year -- seven of them currently studying at the school -- also might have been compromised.

School of Veterinary Medicine Dean Bennie Osburn Wednesday faced the unpleasant task of sending e-mails and letters to applicants and students whose information had been compromised. In a statement issued by the school, Obsurn offered what's become the standard response to data breaches: regret for the security breach, assurances that the school is working with law enforcement, promises of improved security, and advice to place fraud alerts on their credit-card accounts and to periodically run credit reports to ensure new financial accounts haven't been surreptitiously opened in the students' names.

"We also are recommending that the applicants who have been admitted to UC Davis immediately change their campus computer passwords and establish validation questions as safeguards for their accounts," Osburn said in a statement. "These verification questions will prevent an unauthorized party from using their identity information to make password changes for private campus computing accounts."

Even professionals who long ago traded in their books for briefcases aren't safe. Bowling Green State University is notifying current and former students of a certain accounting professor that a computer flash drive with information about them has been lost. Files on the portable storage device contained Social Security numbers for 199 students from the professor's classes in 1992, and the names, grades, and university identification numbers -- although not the Social Security numbers -- for about another 1,600 other students.

Of course UC Davis and other educational institutions are far from the only organizations dealing with the aftermath of a cyber intrusion or other data loss. Not even the Defense Department is safe from malicious hackers, who last week forced the military agency to take an estimated 1,500 computers offline. And Congress last week gave the Homeland Security Department a stern talking to over the 844 reported "cybersecurity incidents" that agency has experienced over the past two years.