UCLA Database Hole Exposed 800,000 to ID Theft

In a stunning disclosure, the University of California, Los Angeles (UCLA) Tuesday said a restricted campus database with the Social Security numbers and other personal information about some 800,000 current and some former students has been hacked.

The information includes names, Social Security numbers, dates of birth, home addresses and contact information for students, staff and student applicants who applied for financial aid.

The database was restricted to users whose job required they access it.

But UCLA officials said they discovered November 21 that an unauthorized person had exploited a previously undetected software flaw and accessed the database from October 2005 to November of this year.

Jim Davis, UCLA’s chief information officer and associate vice chancellor of information technology, said a “sophisticated hacker found and exploited a subtle vulnerability in one of hundreds of applications.”

“We deeply regret the concern and inconvenience caused by this illegal activity,” Davis said in a statement.

“We have reconstructed and protected the compromised database and launched a comprehensive review of all computer security measures to accelerate systematic enhancements that were already in progress.”

So far, the university’s investigation indicates only that the hacker sought and obtained “some” but not all of the Social Security numbers.

The university said its security staff immediately blocked access to the Social Security numbers once it discovered the breach and began an investigation.

Taking what it said was an “abundance of caution,” UCLA notified all 800,000 people whose names are listed in the restricted database.

The FBI has also been notified and is conducting its own investigation.

Ironically, the university’s UCLA Today Web site featured a front page story headlined “IT Expert Protects Campus From Cyber Attack” on November 21, the same day UCLA uncovered the breach.

The story profiled Ross Bollens, who was named a director of IT security at UCLA in August.

“Hackers today create large networks of compromised machines, and these ‘botnets’ (define) can be utilized to send spam, generate denial-of-service attacks and harvest personal information such as user IDs, passwords, and Social Security and credit card numbers,” said Bollens, as quoted in that article.

Lawrence Magid, a privacy expert who runs the SafeTeens.com Web site and who has a son at UCLA, expressed concern over the vulnerability.

“These things happen all the time but when it happens to your own family you take it extra seriously,” Magid told internetnews.com.

“Even though no credit card information was taken, I’d be concerned about someone using the information they obtained to apply for credit in my son’s name.”

In a letter sent to those affected in the database, UCLA acting Chancellor Norman Abrams warned that “dishonest people falsely identifying themselves as UCLA representatives might contact you and offer assistance.”

Abrams also said UCLA will not be contacting anyone by phone, e-mail or other method to ask for personal information.

“I strongly urge you not to release any personal information in response to inquiries of this nature,” he said.

In the meantime, UCLA has set up a Web site and toll-free call center, (877) 533-8082, with information on how those affected can protect their identity from misuse.

Identity theft is a fast-growing problem.

As of the end of October 2006, there were at least 192 publicized large breaches, according to the Identity Theft Resource Center; this represented a 22 percent increase from 158 incidents in 2005, not including November and December of this year.

This article was first published on InternetNews.com. To read the full article, click here.

RELATED NEWS AND ANALYSIS

• Ethics and Artificial Intelligence: Driving Greater Equality

  FEATURE |  By James Maguire,
  December 16, 2020

• AI vs. Machine Learning vs. Deep Learning

  FEATURE |  By Cynthia Harvey,
  December 11, 2020

• Huawei’s AI Update: Things Are Moving Faster Than We Think

  FEATURE |  By Rob Enderle,
  December 04, 2020

• Keeping Machine Learning Algorithms Honest in the ‘Ethics-First’ Era

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  November 18, 2020

• Key Trends in Chatbots and RPA

  FEATURE |  By Guest Author,
  November 10, 2020

• Top 10 AIOps Companies

  FEATURE |  By Samuel Greengard,
  November 05, 2020

• What is Text Analysis?

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  November 02, 2020

• How Intel’s Work With Autonomous Cars Could Redefine General Purpose AI

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  October 29, 2020

• Dell Technologies World: Weaving Together Human And Machine Interaction For AI And Robotics

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  October 23, 2020

• The Super Moderator, or How IBM Project Debater Could Save Social Media

  FEATURE |  By Rob Enderle,
  October 16, 2020

• Top 10 Chatbot Platforms

  FEATURE |  By Cynthia Harvey,
  October 07, 2020

• Finding a Career Path in AI

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  October 05, 2020

• CIOs Discuss the Promise of AI and Data Science

  FEATURE |  By Guest Author,
  September 25, 2020

• Microsoft Is Building An AI Product That Could Predict The Future

  FEATURE |  By Rob Enderle,
  September 25, 2020

• Top 10 Machine Learning Companies 2021

  FEATURE |  By Cynthia Harvey,
  September 22, 2020

• NVIDIA and ARM: Massively Changing The AI Landscape

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  September 18, 2020

• Continuous Intelligence: Expert Discussion [Video and Podcast]

  ARTIFICIAL INTELLIGENCE |  By James Maguire,
  September 14, 2020

• Artificial Intelligence: Governance and Ethics [Video]

  ARTIFICIAL INTELLIGENCE |  By James Maguire,
  September 13, 2020

• IBM Watson At The US Open: Showcasing The Power Of A Mature Enterprise-Class AI

  FEATURE |  By Rob Enderle,
  September 11, 2020

• Artificial Intelligence: Perception vs. Reality

  FEATURE |  By James Maguire,
  September 09, 2020