Campus administrators detected a low-level breach of computers within the UCSD Extension network, which has stored more than 4,800 files of students’ personal information.
“This was a very unfortunate incident,” UCSD Extension Marketing Director Monica Doyle said. “Universities are getting hacked into all the time now — that’s why it’s important we have really good security.”
A university investigation into the breach, which administrators discovered on Nov. 6, revealed that hackers did not access any of the files on affected computers. The files contained full names, social security numbers and credit card information for students and alumni.
“This breach was used to store music and DVDs,” Doyle said. “There is no evidence that any personal records were accessed.”
Pursuant to state law, administrators notified individuals affected by the breach of the incident and advised them to place fraud alerts on their credit cards to avoid identity theft. The law requires companies and state agencies to notify individuals if their personal information is electronically compromised.
Although the breach occurred more than two months ago, administrators did not send notification letters until the first week of January, after the investigation concluded.
“It was a tedious, painstaking operation to go from computer to computer to make sure there were no more infections,” Doyle said. “We waited to send notifications until everyone [affected] had been identified.”
The breach most likely occurred through the desktop, where somebody using the computer unknowingly downloaded an automated “bot,” which then launched files designed to steal hard-drive space, according to Doyle.
Since the incident, UCSD Extension has accelerated the application of the recently updated network security policy, created to strengthen both hardware and software systems on campus, Doyle said.
These changes include patch updates, anti-virus software upgrades, host-based firewall software and the elimination of unauthenticated e-mail relays and proxy services.
This is the third incident at the campus in which hackers have gained access to university computers. Although investigators have found no connection between the breaches, they reflect a general increase in illegal hacking at universities across the country, according to a campus statement.
The rise in such activity presents UCSD and other colleges with a particular challenge to protect students’ personal information while simultaneously maintaining an open and free environment for academic information, it stated.
“UCSD Extension and all universities are now being challenged to further strengthen the security of computer systems to protect their networks and private data while also preserving the culture of openness and information exchange that is such a defining feature of the academic world,” UCSD Extension stated in a press release.
UCSD Extension has set up a special number to address questions and concerns about the computer breach. Those affected can call the hotline at (858) 534-0427.
