An unknown hacker has infiltrated a massive University of
California, Los Angeles database with personal information on
800,000 people, the school said on Tuesday, in one of the worst
computer breaches ever at a U.S. university.
The highly sophisticated attack exploited a software flaw to
crack the computer system in a bid to obtain Social Security
numbers, UCLA said in notices sent to all 800,000 potential
victims, most of them current or former students and faculty
The University had no suspects despite an emergency investigation
that began shortly after the hack was discovered on November 21,
said Jim Davis, UCLA associate vice chancellor of information
technology. The FBI has also begun a probe.
"We definitely do not know who it is yet," Davis said. "All
indications so far are that this is a malicious, targeted attack
and well orchestrated. And the other thing that was unnerving to
us was that it was orchestrated in such a way so that it covered
Davis said the hacker apparently began trying to worm into the
system more than a year ago but drew suspicion only after
technicians investigating performance issues on the computer
system noticed odd "data traffic patterns."
The database contained names, social security numbers, dates of
birth, home addresses and contact information that could be used
by identity thieves. It is normally restricted to UCLA staff
whose jobs require them to have access.
The university said it was not aware of any instance in which the
personal information had been "misused" but was notifying all
800,000 people as a precaution. Davis said the school was also
reviewing its practices for storing personal information.
In addition to 38,000 current UCLA students and 25,000 faculty
members, the database apparently stored personal information for
many former students going back at least a decade. University
spokesman Phil Hampton said the database was not used for
fund-raising and that in some cases federal law required the
school to maintain the information.
Computer security experts told the Los Angeles Times the sheer
number of people exposed to the hacker made it one of the largest
ever perpetrated against an American university.