BreachExchange mailing list archives
Re: Major breach of UCLA's computer files
From: George Toft <george () myitaz com>
Date: Tue, 23 Jan 2007 23:49:32 -0700
They made the CNN top 101 list (101 Dumbest Moments in Business) http://money.cnn.com/galleries/2007/biz2/0701/gallery.101dumbest_2007/96.html Highlight is that they estimate a $10M price tag to notify the affected individuals. George Toft, CISSP, MSIS Dissent wrote:
http://www.latimes.com/news/local/la-me-ucla12dec12,0,7111141.story?coll=la-home-headlines In what appears to be one of the largest computer security breaches ever at an American university, one or more hackers have gained access to a UCLA database containing personal information on about 800,000 of the university's current and former students, faculty and staff members, among others. UCLA officials said the attack on a central campus database exposed records containing the names, Social Security numbers and birth dates — the key elements of identity theft — for at least some of those affected. The attempts to break into the database began in October of 2005 and ended Nov. 21, when the suspicious activity was detected and blocked, the officials said. In a letter scheduled to be sent today to potential victims of the breach, acting Chancellor Norman Abrams said that although some Social Security numbers were obtained by the hackers, the university had no evidence that any of the information had been misused. [...] At UCLA, officials said Monday that the targeted database included records for the university's current and former students, faculty and staff, in some cases dating to the early 1990s. Others potentially affected included some applicants during the last five years who did not enroll at the university, as well as some parents of students or applicants who had applied for financial aid. About 3,200 of those being notified are current or former staff and faculty of UC Merced and current or former staff of UC's Oakland headquarters. UCLA handles administrative processing for both groups. Besides names, Social Security numbers and birth dates of those affected, the database includes home addresses and contact information, officials said. It does not contain driver's license numbers or credit card or banking information. [...]
_______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tracking more than 145 million compromised records in 544 incidents over 7 years.
Current thread:
- Re: Major breach of UCLA's computer files George Toft (Jan 24)