iEntry 10th Anniversary RSS Archive

IT Management Begins With Security
SecurityProNews > Insider Reports > Insider > UCLA Suffers Massive Security Breach
Search:
[ insider_reports_insider ]

UCLA Suffers Massive Security Breach



David Utter
Staff Writer
2006-12-12

SecurityProNews: Insider Reports Insider Reports RSS Feed


While it's not on the level of the CardSystems crack of 2005, attackers did manage to access UCLA's systems, putting some 800,000 people at risk.

UCLA Suffers Massive Security Breach
UCLA Suffers Massive Security Breach

Students, faculty, and staff members will receive letters from UCLA explaining the potential identity theft impact of a gaping breach in the school's network. For over a year, someone has been able to access a critical database at UCLA.

The Los Angeles Times said UCLA confirmed the attacks began in October 2005 and continued until being detected and stopped just before Thanksgiving of this year. During that time, the attackers had access to names, addresses, birthdays, and Social Security numbers for thousands of people.

That juicy information is all someone needs to perpetrate identity theft. Although UCLA acknowledged some Social Security numbers have been obtained, they have no knowledge of any misuse.

A school official described in general terms the attack responsible for the substantial breach in the report:

Jim Davis, UCLA's associate vice chancellor for information technology, described the attack as sophisticated, saying it used a program designed to exploit a flaw in a single software application among the many hundreds used throughout the Westwood campus.

"An attacker found one small vulnerability and was able to exploit it, and then cover their tracks," Davis said.

He said the problem was spotted when computer security technicians noticed an unusually high number of suspicious queries to the database. It took several days for investigators to be sure that it was an attack and to learn that Social Security numbers were the target, he said.
Several colleges around the country have been targeted in similar attacks. All of those malicious efforts focused on similar information, especially Social Security numbers.

Those numbers were never meant to be used as a unique identifier, but the persistence in using them as such, and the extreme difficulty in getting a new one after identity theft takes place, has made them a valuable commodity for those who can steal and use or sell them to other criminals.

---
Tag:

Add to Del.icio.us | Digg | Reddit | Furl

Get all the updates -




About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.

More insider_reports_insider Articles

SecurityProNews: Insider Reports Insider Reports RSS Feed

Get Your Site Submitted for Free in the World's Largest B2B Directory!

Email Address:
* URL:
*
*Indicates Mandatory Field

Terms & Conditions

iEntry Featured Services: Jayde Member Services | Forums | Freeware | Advertise with Us

Contact Us | Advertise | Newsletter Archive | Sitemap | Submit an Article | News Feeds
SecurityProNews is an iEntry, Inc.® publication - $line) { echo $line ; } ?> All Rights Reserved | Privacy Policy and Legal		 Join the WebProWorld Forums: Click Here
Virus Warnings

Subscribe to
SecurityProNews FREE!


[ more newsletters ]

Featured On:
article resources
Search Articles:
[advanced search]

WebProWorld.com
Get in-touch with industry experts and leaders
Post your site for review by expert and peers
Ask Security, IT, Development and Design questions

Free Membership: Join Now!

Visit WebProWorld.com

Titan Quest Forum
The #1 Titan Quest forum
Halo 3 Forum
The best Halo, Halo 2, Halo 3 forum
Nintendo Wii
Nintendo Wii news and views
Mac Software
The best in OS X freeware
Graphics Forum
Your source for graphic tutorials
SecurityProNews.com | Breaking eBusiness News Get Your IT Questions Answered - Click Here SecurityProNews News Feeds