UC San Diego Notifies Campus Community
and Others of Computer Systems Security Breach
By Dolores Davies
The University of California, San
Diego is notifying past and present students, applicants, and some
staff and faculty that unauthorized intruders have broken into four
computers in the UCSD Business & Financial Services Department,
computers which housed approximately 380,000 records of personal
data including names, social security numbers, and drivers license
administrators have found evidence that an unauthorized intruder
was utilizing disk space for DVD storage on one of the computers
that was breached. There is no evidence, however, that any of the
personal data housed on these computers was accessed or that any
identity theft has occurred.
regret that unauthorized intruders have broken into one of our computer
networks, possibly compromising the personal information of students,
staff, faculty and others," said Don Larson, UCSD's Controller.
"Our main concern at this point is to inform people whose private
information has been exposed by this illegal intrusion, provide
them guidance on what steps they can take to protect themselves
from potential identity theft, and also to assure them that we have
taken strong and immediate steps to bolster our defenses against
any future attacks."
began sending notification letters to people on Wednesday. Because
numerous records that were exposed did not include contact information,
UCSD staff have been working around the clock with the CA Department
of Motor Vehicles and the U.S. Postal Service to obtain contact
information to notify people of the illegal intrusion.
letter provides information about the various resources available
to people to guard against possible identity theft. In addition,
a website has been established for people who were notified
of the security breach at http://idalert.ucsd.edu.
The website includes a Q&A as well as a detailed listing of
contacts for credit checks and other resources for protecting
against identity theft. Individuals who do not receive a notification
letter but are concerned that they may have been affected, can
send an e-mail message to
email@example.com. Concerned individuals can call a special
toll-free hotline --(866) 890-5560 -- set up by UCSD. Those
within the 858 area code can call 822-2830.
"We want the
campus community to know that we have moved as quickly as possible
to inform those who could have been affected by this illegal break-in,"
said Larson. "But, it has taken many days, nights, and weekends
of data mining to really get a handle on the situation and we needed
to thoroughly understand the dimensions of the problem before notifying
people. It's been a long and tedious process."
exposed include the personal information of approximately 178,000
former students, including alumni, and current students, 2,400 former
and current faculty members, and around 1,400 former and current
staff members. Also residing on one of the breached computers was
personal data for approximately 198,000 people who applied to UCSD
but never enrolled.
Larson, the security breach was first discovered over the weekend
of April 16 when UCSD computer administrators discovered that two
computers had been accessed by unauthorized intruders via the Internet.
The computers were immediately removed from the network, and administrators
conducted an emergency assessment of all network workstations. The
assessment revealed that two additional computers that stored personal
data had also been hacked into.
UCSD has begun
a comprehensive review of administrative computer servers and related
procedures to determine what additional security measures should
be implemented to enhance the university's ability to protect computer
networks from future cyber attacks. This effort involves a campus-wide
task force of data security experts and network and information
security specialists. The security breach is being investigated
by campus police and other law enforcement agencies have been informed
of the case, said Larson.
Over the last
few years, numerous academic institutions have experienced problems
with hackers breaking into their computer systems and exposing thousands
of personal records. Earlier this month, the UCSD-based San Diego
Supercomputer Center issued a statement alleging that they have
been targeted as part of widespread cyber attacks involving numerous
sites across the country, including universities and other high
performance computing centers.
deployment of interconnected high speed broadband networks has essentially
given any internet user the ability to easily attack other systems,"
said Frank Dwyer, Associate Director for Information Technology
at the San Diego Supercomputer Center and an authority on information
security issues. "In addition, the number of potential vulnerabilities
has grown over time, and the knowledge of how to use them is much
more accessible and wide-spread. What used to require a deep understanding
of computer and network systems can now be found on a web page --
complete with usage instructions."
says Dwyer, "Academia is known for its culture of openness, and
the free sharing of information is part of that philosophy. While
these are clearly important qualities for an academic institution
to have, universities now face the challenge of protecting vital
data while preserving this culture of openness."
Contact: Dolores Davies,