A data breach has recently been announced by University of Maryland officials, who stated more than 300,000 faculty, staff, students and others who were given an ID at their College Park and Shady Grove campuses have had their personal information exposed. The records stolen included names, Social Security numbers and date of birth.
“I am truly sorry,” Wallace D. Loh, the university president, said in a statement. “Computer and data security are a very high priority of our University.”
An outside source gained access to the personal information, which dated back to 1998, at about 4 a.m. on Tuesday. While the hacker(s) did not appear to change anything within the university’s computer system, Brian Voss, the vice president and chief information officer at U-Md., did confirm the attackers basically “made a Xerox of it and took off.”
Voss has found what concerns him most about the cyber-attack is how the hacker (or hackers) had a “very significant understanding” of how the university’s data is designed and protected. Voss also said that the security breach was in contrast to recent breaches in that the institution was not an easy target.
“That’s not what happened here,” Voss claimed. “There’s no open door. These people picked through several locks to get to this data.”
Loh addressed the university community in a letter stating that officials are currently investigating the breach and are doing what they can to prevent future thefts from occurring.
“Appropriate state and federal law enforcement authorities are currently investigating this incident,” Loh wrote. “Computer forensic investigators are examining the breached files and logs to determine how our sophisticated, multi-layered security defenses were bypassed.”
Meghan Land, a staff attorney for the Privacy Rights Clearinghouse, a nonprofit group based in California, described the U-Md. breach to be very significant considering it included the compromise of Social Security numbers. However, according to the clearinghouse’s records, many colleges have dealt with data security issues over recent years.
In 2010, Ohio State University admitted to hackers penetrating its college server’s security, compromising the private information, such as names, birth dates and Social Security numbers, of nearly 750,000 people. The University of Virginia also had problems with students’ Social Security numbers after the numbers of more than 18,000 students were accidentally printed in the address field of the mailed health insurance forms.
Those whose personal information was affected during the U-Md. security breach are to be provided with free credit monitoring for a year, Loh added.