Member Sign In
Not a member?

A Wired.com user account lets you create, edit and comment on Webmonkey articles. You will also be able to contribute to the Wired How-To Wiki and comment on news stories at Wired.com.


It's fast and free.

Sign in with OpenID
Sign In
Webmonkey is a property of Wired Digital.
processing...
Join Webmonkey
Please send me occasional e-mail updates about new features and special offers from Wired/Webmonkey.
Yes No
Please send occasional e-mail offers from Wired/Webmonkey affiliated web sites and publications, and carefully selected companies.
Yes No
I understand and agree that registration on or use of this site constitutes agreement to Webmonkey's User Agreement and Privacy Policy.
Webmonkey is a property of Wired Digital.
processing...

Retrieve Sign In

Please enter your e-mail address or username below. Your username and password will be sent to the e-mail address you provided us.

or
Webmonkey is a property of Wired Digital.
processing...

Welcome to Webmonkey

A private profile page has been created for you.
As a member of Webmonkey, you can now:
  • edit articles
  • add to the code library
  • design and write a tutorial
  • comment on any Webmonkey article
Close
Webmonkey is a property of Wired Digital.

Sign In Information Sent

An e-mail has been sent to the e-mail address registered in this account.
If you cannot find it in your in-box, please check your bulk or junk folders.
Sign In
Webmonkey is a property of Wired Digital.

UCLA Security Breach

By Michael Calore December 12, 2006 Categories: Web Basics

UclaUCLA has revealed what might be the largest computer security breach ever at an American university. University officials say hackers broke into a database containing personal information on about 800,000 current and former students, faculty and staff members.

UCLA officials say the database accessed by the attackers contained personal records with the names, Social Security numbers, birth dates, home addresses and other contact information. The database in question did not contain any banking or credit card information, but given the amount of personal data it did contain, the attackers could potentially steal the victim’s identities.

So far the University says that there is no evidence that information has been used in any way, but UCLA officials will be sending out a letter later today to those effected by the breach encouraging them to keep an eye on their consumer credit files and consider enabling fraud protection.

According to the UCLA announcement:

an unauthorized person exploited a previously undetected software flaw and fraudulently accessed the database between October 2005 and November 2006. When UCLA discovered this activity on Nov. 21, 2006, computer security staff immediately blocked all access to Social Security numbers and began an emergency investigation.

As noted above, the exploit and attacks appear to have been going on for just over a year. UCLA security technicians discovered the exploit when they noticed a series of suspicious database queries.

In the UCLA press release Acting Chancellor Norman Abrams says, “We take our responsibility to safeguard personal information very seriously.” He went on to assure students, “my primary concern is to make sure this does not happen again and to provide to the people whose data is stored in the database important information on how to minimize the risk of potential identity theft and fraud.”

The Los Angeles Times reports that there are “no comprehensive statistics on computer break-ins at colleges.” However, the Times goes on to say, “in the first six months of this year alone, there were at least 29 security failures at colleges nationwide, jeopardizing the records of 845,000 people.”

Also see the coverage on the 27B Stroke 6 blog.

Tags: security
Post Comment Comments Permalink Print
Reddit Digg
 
Subscribe now

Special Offer For Webmonkey Users

WIRED magazine:
The first word on how technology is changing our world.

Subscribe for just $10 a year