Database attack exposes personal data at University of Maryland
The data included names, Social Security numbers, birth dates and university ID numbers
IDG News Service - Personal records for more than 309,000 students and staff were exposed this week in a "sophisticated" database attack at the University of Maryland, the university said Wednesday.
Birth dates, Social Security numbers, names and university ID numbers were compromised for people issued with a school ID and affiliated with the university's College Park and Shady Grove campuses since 1998, the school said.
Financial, academic, health and contact information such as phone numbers were not exposed, according to a statement attributed to Wallace D. Loh, the university's president.
The cause of the breach, which happened Tuesday, is unknown and an investigation is underway by federal and state law enforcement, Loh wrote. The school has 37,000 active students.
"Computer forensic investigators are examining the breached files and logs to determine how our sophisticated, multi-layered security defenses were bypassed," he wrote. "Further, we are initiating steps to ensure there is no repeat of this breach."
Personal records are valuable to cybercriminals, who can compile dossiers on victims for the purposes of financial fraud, such as opening bank accounts or taking out loans. The data may also be valuable for other types of targeted attacks, such as spear phishing.
The incident is the latest in a string of breaches that have affected companies and organizations, including the retailer Target and Neiman Marcus. The attacks against those companies focused on intercepting payment card details from point-of-sale devices.
The university said a specific database of records maintained by its IT division containing 309,079 records was accessed on Tuesday. Loh wrote the university recently doubled the number of IT security engineers and analysts as universities have been increasingly targeted.
"Obviously, we need to do more and better, and we will," he wrote.
Those affected are being contacted. The university is offering a year of free credit monitoring and advised people to be careful when sharing their personal information.
Send news tips and comments to email@example.com. Follow me on Twitter: @jeremy_kirk
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Who's Spying on You? You're aware of the threats of malware to your business but what about the ever-changing ground rules? Cybercriminals today are launching attacks against...
- HP HAVEn: See the big picture in Big Data HP HAVEn is the industry's first comprehensive, scalable, open, and secure platform for Big Data. Enterprises are drowning in a sea of data...
- What Datapipe customers need to know about the new PCI DSS 3.0 compliance standard This handy quick reference outlines what PCI DSS 3.0 is, who needs to be compliant and how Alert Logic solutions address the new...
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well...
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,... All Cybercrime and Hacking White Papers | Webcasts