Phoenix, Arizona Home Blogs Arizona Phoenix Miscellaneous

Topics

On the Road

Major Medical

Protecting Your Family

In the Workplace

Miscellaneous

UCLA Database Hacking Undetected for An Entire Year

Staff Writer
Staff Writer
Contributor
Posted by Staff Writer December 14, 2006 9:28 AM
Tags: Identity Theft
0 CommentsPrint ArticleSubscribe

According to the on-line publication Computerworld, a UCLA computer database containing names, addresses, social security numbers and other personally identifying information about staff, faculty, parents and students was a regular target for a hacker/identity thief over the past year. Amazingly, this breach went undetected for at least one full year. Citing a UCLA information Release, Computerworld indicated:

The breach was discovered on Nov. 21 this year, when the university's computer security technicians noticed an "exceptionally high volume of suspicious database queries,"

In the meantime, over 800,000 people have had their identities compromised and may become the next victims of identity theft.

According to the UCLA Office of Media Relations:

[A]ccess to the restricted database was gained by a computer trespasser utilizing a software program designed to exploit an undetected software flaw, thereby bypassing all security measures. A problem was detected Nov. 21 when computer security technicians noticed an exceptionally high volume of suspicious database queries. An emergency investigation indicated that access attempts had been made since October 2005 and that the hacker specifically sought Social Security numbers, Davis said.

For the past decade, UCLA has been systematically upgrading computer security but had not yet identified the vulnerability maliciously exploited by the computer hacker. During this time, UCLA installed and strengthened firewalls and intrusion-detection systems, removed Social Security numbers from computer screens and written reports, and prohibited their storage on portable devices, among other steps.

I have trouble understanding why, in light of all the updates, system modifications, and intrusion-detection systems in place as UCLA has suggested, the intrusions were not detected for over one year. It seems to me that if it takes one year for an intrusion detection system to detect an intrusion, something must be wrong. What are your thoughts?


0 Comments

Have an opinion about this post? Please consider leaving a comment or subscribing to the feed to have future articles delivered to your feed reader.

Comments for this article are closed.

Subscribe to InjuryBoard Phoenix

 InjuryBoard Phoenix RSS Feeds

Keep up with the latest updates using your favorite RSS reader

Legal Assistance Center

More Info
Better Business Bureau Accredited Business Confidential

Your question will be referred to an attorney near you. If your question is of a legal nature, then by submitting this form you agree you are not forming a formal attorney / client relationship. Read our full privacy policy.

Looking for an InjuryBoard attorney closer to home? Click here.

Additional Resources

Subscribe to Blog Updates

Enter your email address if you would like to receive email notifications when comments are made on this post.

Email address

Blog Archives

View previous posts from:

Interesting Links

Popular Tags

Consumer Law Defective Products Food Poisoning Identity Theft Medical Malpractice Motor Vehicle Accidents Peanut Butter Recall Rants and Raves Salmonella Wrongful Death

Regional Blogs

Find an InjuryBoard Blog in your area:

Related Links