An online data breach compromised more than 300,000 personal records for faculty, staff, and students of the University of Maryland at about 4 a.m. on February 18, when an outside source gained access to a secure records database dating back to 1998.
The responsible party didn’t change anything in the system–satisfying itself with the duplication of such information as the names, Social Security numbers, dates of birth and university identification numbers for 309,079 people affiliated with the school on its College Park and Shady Grove campuses. Thankfully, the perpetrator was unable to obtain financial, academic, health or contact information.
What concerns Brian Voss, vice president and chief information officer at U-Md., is the sophistication of the attack. The hacker or hackers must have had a “very significant understanding” of how the school’s data systems are designed and protected.
According to the Ponemon Institute, insider threats and employee errors are the most common causes of data breaches. However, this attack is different than such typical attacks, Voss says, where “someone left the door open,” and created the easy opportunity for hackers.
“That’s not what happened here,” said Voss. “There’s no open door. These people picked through several locks to get to this data.”
To compensate the affected individuals, the University is offering free credit monitoring services for five years. The school also set up a hotline for people to call and find out if their information was part of the breach.
“Law enforcement authorities including the U.S. Secret Service are investigating and we have partnered with an outside cybersecurity firm to assist our computer forensic analysis,” the University said in a statement. “We are doing everything possible to discover how this happened so we can prevent further attacks.”
This breach is one of the largest ever suffered by U.S. universities, which have recently been big targets for hackers. University President Wallace Loh noted this fact and indicated that this breach came right on the heels of a security overhaul. “We recently doubled the number of our IT security engineers and analysts,” Loh wrote. “We also doubled our investment in top-end security tools. Obviously, we need to do more and better, and we will.”