LAT: Major breach of UCLA's computer files: Personal information on thousands exposed

Major breach of UCLA's computer files
Personal information on thousands is exposed in one of the largest security break-ins ever at a U.S. university.
By Rebecca Trounson, Times Staff Writer
December 11, 2006

In what appears to be one of the largest computer security breaches ever at an American university, one or more hackers have gained access to a UCLA database containing personal information on about 800,000 of the university's current and former students, faculty and staff members, among others.

UCLA officials said the attack on a central campus database exposed records containing the names, Social Security numbers and birth dates — the key elements of identity theft — for at least some of those affected. The attempts to break into the database began in October of 2005 and ended Nov. 21, when the suspicious activity was detected and blocked, the officials said.

In a letter scheduled to be sent today to potential victims of the breach, acting Chancellor Norman Abrams said that although some Social Security numbers were obtained by the hackers, the university had no evidence that any of the information had been misused....

Abrams urged those whose records might have been accessed to monitor their consumer credit files and consider fraud alerts and other precautions.

The UCLA incident is the latest in a series of computer security breaches affecting private organizations, financial institutions, government agencies and other large employers. Partly because of their tradition of openness, universities are proving to be a favorite — and often vulnerable — target, several experts in the field said Monday....

http://www.latimes.com/news/local/la-me-ucla12dec12,0,7111141.story?coll=la-home-headlines

http://news.zdnet.com/2100-1009_22-6143003.html

In one of the largest known security breaches at a university, the database at the University of California, Los Angeles has been broken into, exposing the private information of about 800,000 people.

Administrators discovered November 21 that the database had been compromised, according to a letter dated Tuesday that was posted to the university's Web site (PDF here). The hacker had exploited a previously undetected software flaw and gained access to the database from October 2005 until the discovery, Norman Abrams, acting UCLA chancellor, said in the letter.

"While we are uncertain whether your personal information was actually obtained, we know that the hacker sought and retrieved some social security numbers," Abrams said.

The breach affects UCLA students, staff, applicants and some students' parents. It also included information on current and some former faculty and staff at the University of California, Merced, and at the University of California Office of the President.

Sensitive information stored in the database included social security numbers, home addresses, dates of birth and contact information. Financial information, such as credit card numbers or bank accounts, were not housed in the database.

has been accessed. I wish they'd be caught in the act. I'm in IT and a college and it seems strange to me that they have been having breakins since Oct 05 and just now caught them. Our DBAs and security guys monitor the systems daily and even question if an authorized person's ID shows too much activity against personal info. We also have programs that alert to that type of access (watchdogs), so it just doesn't seem quite right to me.

BTW, did you guys catch the other article on that page about blind hunters? I had to do a double-take to make sure the UCLA story was legit because with the blind hunter story, I thought it was a joke.

http://www.latimes.com/news/nationworld/nation/la-na-guns12dec12,0,4840772.story?coll=la-default-underdog

There are easier ways for them to get this information than by exploiting some software flaw to hack a bunch of SSN's out of a database.

Given the length of time the hack occurred over, I'd guess that it was an ongoing low-level download of the database. Massive queries are easy to notice and block. Small queries that only pull 5 or 6 records a day? Not so easy to spot. Since a complete stolen ID has a street value of about $40, even pulling at low levels to avoid detection would be fairly lucrative.

I've seen similar attacks before, and the only way to detect them is to analyze query rates over the long term, and then rule out natural usage growth as the cause of the increase. Unless your DBA is completely on the ball and looking at every query, these can take some time to catch. At my college, we literally have over 10,000 tables in the various databases, which are accessed by countless thousands of queries a day, so analyzing every query is out of the question. The best our DBA can do is to chart traffic and look for any anomalous traffic spikes.