[ISN] Hacker breaches computers that store UCSD Extension student, alumni data

InfoSec News isn at c4i.org
Tue Jan 18 06:38:53 EST 2005


By Eleanor Yang
January 18, 2005 

A hacker breached the security of two University of California San
Diego computers that stored the Social Security numbers and names of
about 3,500 students and alumni of UCSD Extension.

The breach, which left the personal information exposed for as long as
a couple of days, is the third such incident at UCSD in the past year.

University officials said yesterday that there is no evidence of
identity theft. An investigation showed the hacker was using the
servers to store music and movies, UCSD spokeswoman Dolores Davies

"This one was a real low-level breach," Davies said. "The exposure
time was real short. Still, it's something we take seriously."

UCSD Extension provides a range of continuing-education and
certificate programs. Those people affected had completed work on a
UCSD Extension certificate within the past five years.

The breach was discovered in mid-November, and those who were affected
were mailed notification letters the first week of January. Under
state law, companies and state agencies are required to contact those
whose computerized personal information, including Social Security
numbers, has been compromised.

The notification letter recommends that recipients get a copy of their
credit report and place fraud alerts on their credit files to avoid
identity theft.

Officials said it took two months to notify those who were affected
because officials first needed to determine the extent of the breach.

While most of the university has phased out using Social Security
numbers for identification purposes, those stored on the server were
among the last used for that reason, UCSD officials said.

Last spring, hackers breached security at the San Diego Supercomputer
Center and the university's Business and Financial Services
Department. In the larger of the two security breaches, four computers
storing Social Security and driver license numbers for 380,000 UCSD
students, alumni, faculty, employees and applicants were targeted.  
University officials said they don't know of any problems with
identity theft following that incident.

For those with questions about the UCSD Extension breach, the
university has set up a hotline: (858) 534-0427.

More information about the ISN mailing list