Hackers Break-in UCLA Database

Hackers have targeted the University of California-Los Angeles to gain access to personal information of about 800,000 current and former students, faculty and staff members. The attack appears to represent one of the most fresh 'computer security breaches' at an American University.

The school reported that there was an unauthorized access of the database from the central campus between October 2005 and November 21, 2006. The university discovered the breach when it noticed that someone was fishing through its database, specifically for names and Social Security numbers. These are precisely required to commit identity theft crimes.

According to Jim Davis, UCLA's 'chief information' on December 12, 2006, the hacker accessed only a small number (possibly less than 5%) of records containing 'Social Security numbers'.Davis further said the school still has not received any notification about the illegal access of its database to make unauthorized use of credit cards or for other fraudulent objectives.

UCLA has dispatched letters to all 800,000 people in the database with the suggestion that they get in touch with 'credit-reporting agencies' and do everything necessary to reduce the risk of identity theft. This database does not include 'drivers' license numbers', 'credit card', or 'banking' information.

Davis said the hacker(s) used sophisticated tactics to hide their tracks even when they spied on the database. The break in security was not due to any slackening of vigilance, but it was the sophistication of a malicious and focused attack that made it difficult to detect and trace the incident.

To access the database, hackers exploited a loophole in web-based software, said Davis. On the university's notification to the FBI, the agency has launched an investigation.

The UCLA case is the most recent in a range of violations affecting private organizations, financial institutions, government agencies and other big companies. The liberal nature of universities makes them a favorite target, according to many experts.

Though comprehensive statistics on computer intrusion at colleges do not exist but some specific related figures are available. There were at least 29 security failures in U.S. colleges in the first half of 2006 damaging 845,000 records.

Related article: Hackers Redirect Windows Live Search to Malicious Sites

» SPAMfighter News - 12/16/2006