Major identity leak: UCLA database with 800K SSNs hacked


Largest personal data breach ever at a US educational institution. BoingBoing reader Jonathan says,

I just got an email from UCLA, linking to the above site, in my inbox. Someone hacked and accessed their database which contained social security numbers. But it wasn't the student database — I've never attended UCLA. It was their applications database — I applied to their law school 3 years ago.

Link to UCLA's announcement of the security breach, and here's a snip from a related LA Times article "UCLA data breach among worst of its kind":

In what appears to be one of the largest computer security breaches ever at an American university, one or more hackers have gained access to a UCLA database containing personal information on about 800,000 of the university's current and former students, faculty and staff members, among others.

UCLA officials said the attack on a central campus database exposed records containing the names, Social Security numbers and birth dates — the key elements of identity theft — for at least some of those affected. The attempts to break into the database began in October 2005 and ended Nov. 21, when the suspicious activity was detected and blocked, the officials said.

And Tom Zeller at the recently-launched New York Times blog "The Lede" has more:

The amount of personal data held by universities often make them a particularly juicy target for hackers. And lax network security – sometimes in place to facilitate communication across departments and schools and institutes, all linked under a rangy university system – can make them easy targets.

This is the second bit of bad news in roughly a month for U.C.L.A., which is still reeling from the disturbing, viral video of one of its students being tasered by campus officers in Powell Library. The school's chancellor announced an independent investigation into the incident on Nov. 17.

Link.