'University of Maryland computer security breach exposes 300,000 records' diff viewer (1/2)

This article is from the source 'washpo' and was first published or seen on February 20, 2014 00:18 (UTC). It last changed over 40 days ago and won't be checked again for changes.

You can find the current article at its original source at http://www.washingtonpost.com/local/college-park-shady-grove-campuses-affected-by-university-of-maryland-security-breach/2014/02/19/ce438108-99bd-11e3-80ac-63a8ba7f7942_story.html?wprss=rss_homepage

The article has changed 6 times. There is an RSS feed of changes available.

Previous version 1 2 3 4 5 Next version

Previous version 1 2 3 4 5 Next version

Version 1	Version 2
U-Md. computer security attack exposes 300,000 records	U-Md. computer security attack exposes 300,000 records
2014-02-20 02:20:31 UTC	2014-02-20 03:35:14 UTC (about 1 hour later)
More than 300,000 personal records for faculty, staff and students who have received identification cards at the University of Maryland were compromised in a computer security breach this week, school officials said.	More than 300,000 personal records for faculty, staff and students who have received identification cards at the University of Maryland were compromised in a computer security breach this week, school officials said.
The breach occurred at about 4 ~~a.m.~~ Tuesday, when an outside source gained access to a secure records database that holds information dating ~~back~~ to 1998. ~~Brian~~ ~~Voss,~~ ~~vice~~ ~~president~~ ~~and~~ ~~chief~~ ~~information~~ ~~officer~~ at ~~U-Md.,~~ ~~said~~ ~~officials~~ ~~believe~~ ~~that~~ ~~whoever~~ ~~got~~ ~~into~~ ~~the~~ ~~database~~ ~~duplicated~~ ~~the~~ ~~information,~~ ~~which~~ ~~includes~~ ~~names,~~ ~~Social~~ ~~Security~~ ~~numbers,~~ ~~dates~~ of ~~birth~~ ~~and~~ ~~university~~ ~~identification~~ ~~numbers~~ ~~for~~ ~~309,079~~ ~~people~~ ~~affiliated~~ ~~with~~ ~~the~~ ~~school~~ on ~~its~~ ~~College~~ ~~Park~~ ~~and~~ ~~Shady~~ ~~Grove~~ ~~campuses.~~	The breach occurred about 4 a.m. Tuesday, when an outside source gained access to a secure records database that holds information dating to 1998.
	Brian Voss, vice president and chief information officer at U-Md., said officials think that whoever got into the database duplicated the information, which includes names, Social Security numbers, dates of birth and university identification numbers for 309,079 people affiliated with the school on its College Park and Shady Grove campuses.
The hackers did not change anything within the university’s computer system, but Voss said the attackers essentially “made a Xerox of it and took off.”	The hackers did not change anything within the university’s computer system, but Voss said the attackers essentially “made a Xerox of it and took off.”
Voss said what most concerns him is the sophistication of the attack: The hacker or hackers must have had a “very significant understanding” of how the school’s data are designed and protected. Voss said the security breach appears to be in contrast with typical attacks, in which “someone left the door open,” creating an easy opportunity for any ~~hacker,~~ ~~Voss~~ ~~said.~~	Voss said that what most concerns him is the sophistication of the attack: The hacker or hackers must have had a “very significant understanding” of how the school’s data are designed and protected. Voss said the security breach appears to be in contrast with typical attacks, in which “someone left the door open,” creating an easy opportunity for any hacker.
“That’s not what happened here,” Voss said. “There’s no open door. These people picked through several locks to get to this data.”	“That’s not what happened here,” Voss said. “There’s no open door. These people picked through several locks to get to this data.”
In a letter to the university community, President Wallace D. Loh said school officials are investigating the breach and doing what they can to prevent further intrusions.	In a letter to the university community, President Wallace D. Loh said school officials are investigating the breach and doing what they can to prevent further intrusions.
“Appropriate state and federal law enforcement authorities are currently investigating this incident,” Loh ~~said.~~ “Computer forensic investigators are examining the breached files and logs to determine how our sophisticated, multi-layered security defenses were bypassed.”	“Appropriate state and federal law enforcement authorities are currently investigating this incident,” Loh wrote. “Computer forensic investigators are examining the breached files and logs to determine how our sophisticated, multi-layered security defenses were bypassed.”
Meghan Land, a staff ~~attorney~~ for the Privacy Rights Clearinghouse, based in San Diego, said the U-Md. breach was large and significant because it included Social Security numbers. A list kept by the ~~nonprofit~~ ~~group~~ indicates that many colleges have faced data security problems in recent years.	Meghan Land, a staff lawyer for the Privacy Rights Clearinghouse, a nonprofit group based in San Diego, said the U-Md. breach was large and significant because it included Social Security numbers. A list kept by the clearinghouse indicates that many colleges have faced data security problems in recent years.
Ohio State University said in 2010 that hackers had penetrated a college server that contained names, birth dates and Social Security numbers of 750,000 people, exposing them to risk of identity theft. ~~The~~ University of Virginia ~~last~~ ~~year~~ said that Social Security numbers of more than 18,000 students were mistakenly printed in the address field of health insurance brochures that were mailed to their homes.	Ohio State University said in 2010 that hackers had penetrated a college server that contained the names, birth dates and Social Security numbers of 750,000 people, exposing them to risk of identity theft. Last year, the University of Virginia said that Social Security numbers of more than 18,000 students were mistakenly printed in the address field of health insurance brochures that were mailed to their homes.
Loh said that U-Md. plans to provide free credit monitoring for a year to anyone whose information was compromised.	Loh said that U-Md. plans to provide free credit monitoring for a year to anyone whose information was compromised.
Dan Goff, a graduate student at the University of South Carolina who studied at U-Md. for three semesters in 2003 and 2004, said he was “more annoyed than anything” when he heard about the security breach Wednesday evening. Within an hour, he submitted fraud alerts to three credit agencies.	Dan Goff, a graduate student at the University of South Carolina who studied at U-Md. for three semesters in 2003 and 2004, said he was “more annoyed than anything” when he heard about the security breach Wednesday evening. Within an hour, he submitted fraud alerts to three credit agencies.
“It’s certainly a fact of life in the information age,” Goff said.	“It’s certainly a fact of life in the information age,” Goff said.