UC-Davis student data breached by hacker

DAVIS, CALIF.— A Computer Hacker Compromised The Personal Information Of 1,500 University Of California Davis School Of Veterinary Medicine (Svm) Students And Applicants, Leaving The Facility To Fund At Least $25,000 In Credit Checks To Ensure Identity Safety.

Trying to establish campus computer accounts, students set to begin in the fall at UC-Davis SVM were told accounts already existed in their names, tipping off school officials to a breach in computer security in early June. It was the campus' third occurrence of protected information being accessed by an unauthorized party, but whether it will have the same result as the previous two — with no information being misused — is uncertain, says Pat Bailey, UC-Davis spokesperson. There were no reports of identity theft or improper use of the information at press time.

The hacker gained access to names, home addresses, Social Security numbers and birthdays of 1,495 SVM applicants — 1,120 applicants for the 2007-2008 school year, 131 of whom were accepted as students, and 375 applicants from the 2004-2005 school year, seven of whom are currently enrolled.

Upon learning of the situation, UC-Davis Dean Dr. Bennie Osburn sent a letter to all those affected, outlining the situation and recommending they initiate a credit check, funded by UC-Davis, to ensure the safety of their information. Admitted students were advised to change their computer passwords and security codes to prevent future system breaches, Bailey says.

Students were alarmed, but are taking precautions. "They were concerned, not angry. Concerned that they do the right thing, take the right steps to protect themselves. They were appreciative that the school was doing the credit checks," which students and applicants can request for up to a year, Bailey says.

With the investigation ongoing, police would not say whether they have any suspects, how the information was obtained or how long the hacker may have had access to the information before the breach was noticed.

UC-Davis is taking steps to improve security going forward.

"The university will be enhancing a number of prevention measures during the summer, including an intrusion-prevention system and a Web-application security scanner. The former technology will help remove malicious traffic from the campus network. The latter scanner will automate the detection of common security vulnerabilities in university Web-based computing applications," says Robert Ono, UC-Davis security coordinator for information technology.

Trendy theft

The incident reflects what the UC-Davis Police Department identified as an increasing threat nationwide.

"Identity theft is recognized by law enforcement as one of the fastest-growing crimes. The Federal Trade Commission estimates 9 million Americans fall victim to identity theft each year," says Lt. John Johnson, UC-Davis police.

Open, user-friendly systems and the level of personal information stored in university computer networks can make them an attractive target for hackers. Since 2006, almost 70 of more than 400 reported data breaches have occurred at major universities, according to Privacy Rights Clearinghouse, a consumer-information and advocacy group.

Computer systems typically are hacked to gain access to system information, utilize disk space for the storage of data files or programs or to gain control of a system to exploit other connected systems, Johnson says.

A direct benefit of having a student account at UC-Davis is access to the library system and online journals — free for those enrolled at SVM, but often costly for non-students to purchase and use, Bailey says.

Hackers can face a multitude of charges, including felony counts of unauthorized access to a computer and identity theft, Johnson says.