In yet another cautionary tale to universities to beef up database security, hackers compromised as many as 800,000 records of personal information, making UCLA the victim of the largest computer security breach ever at an American university.
Personal information from UCLA's database of more than 800,000 current and former students, faculty and staff members, among others, were compromised over a year, reports the Los Angeles Times.
The information included names, Social Security numbers and birth dates. According to acting Chancellor Norman Abrams, a letter to those affected by the breach will be sent to those affected and advising them what to look out for.
"We take our responsibility to safeguard personal information very seriously," Abrams said in the letter, which was scheduled to be mailed or emailed overnight to those whose records were compromised. "My primary concern is to make sure this does not happen again" and to provide information to try to minimize the risk of identity theft for those affected, said Abrams.
Universities tend to be a favorite target of hackers as they have a tradition of openness and large databases of personal information—a goldmine for personal identity thieves.
"Universities tend to have a lot of information floating around in a lot of different places," said Jay Foley, executive director of the Identity Theft Resource Center, a San Diego-based nonprofit. "They are places we send our children to share ideas, and it's hard to mix the open sharing of ideas with the need to tighten down on security."
Thus far, there is no evidence of of any fraudulent or illegal use of the information.
The attack was very sophisticated, using a program designed to exploit a flaw in a single software application said Jim Davis, UCLA's associate vice chancellor for information technology.
"An attacker found one small vulnerability and was able to exploit it, and then cover their tracks," Davis said.
The breach was discovered when computer security technicians noticed an unusually high number of suspicious queries to the database.