[ISN] Hacker breaches computers that store UCSD Extension student, alumni data

From: InfoSec News (isn@private)
Date: Tue Jan 18 2005 - 03:38:53 PST


http://www.signonsandiego.com/news/education/20050118-9999-1m18hack.html

By Eleanor Yang
UNION-TRIBUNE STAFF WRITER
January 18, 2005 

A hacker breached the security of two University of California San
Diego computers that stored the Social Security numbers and names of
about 3,500 students and alumni of UCSD Extension.

The breach, which left the personal information exposed for as long as
a couple of days, is the third such incident at UCSD in the past year.

University officials said yesterday that there is no evidence of
identity theft. An investigation showed the hacker was using the
servers to store music and movies, UCSD spokeswoman Dolores Davies
said.

"This one was a real low-level breach," Davies said. "The exposure
time was real short. Still, it's something we take seriously."

UCSD Extension provides a range of continuing-education and
certificate programs. Those people affected had completed work on a
UCSD Extension certificate within the past five years.

The breach was discovered in mid-November, and those who were affected
were mailed notification letters the first week of January. Under
state law, companies and state agencies are required to contact those
whose computerized personal information, including Social Security
numbers, has been compromised.

The notification letter recommends that recipients get a copy of their
credit report and place fraud alerts on their credit files to avoid
identity theft.

Officials said it took two months to notify those who were affected
because officials first needed to determine the extent of the breach.

While most of the university has phased out using Social Security
numbers for identification purposes, those stored on the server were
among the last used for that reason, UCSD officials said.

Last spring, hackers breached security at the San Diego Supercomputer
Center and the university's Business and Financial Services
Department. In the larger of the two security breaches, four computers
storing Social Security and driver license numbers for 380,000 UCSD
students, alumni, faculty, employees and applicants were targeted.  
University officials said they don't know of any problems with
identity theft following that incident.

For those with questions about the UCSD Extension breach, the
university has set up a hotline: (858) 534-0427.



_________________________________________
Open Source Vulnerability Database (OSVDB) Everything is Vulnerable - http://www.osvdb.org/



This archive was generated by hypermail 2.1.3 : Tue Jan 18 2005 - 10:19:28 PST