PII About 800,000 Individuals Compromised at UCLA

Today CNN reported personally identifiable information (PII), Social Security numbers, home addresses and birth dates, about 800,000 current and former UCLA students, faculty and staff may have been compromised.
Surprisingly, the unauthorized access reportedly was occurring from October, 2005 through November 21 of this year when the security staff finally noticed suspicious activity.


The letter sent to the impacted individuals reportedly advises them to contact the credit monitoring agencies, and does not offer to provide this service for them.
Mentioned in the report was an Educause survey that found over 25% of 400 colleges had exerienced a security breach involving PII in the past 12 months.
The open environments within schools certainly increase their information security vulnerabilities.
So how did the breach occur?

“Jim Davis, UCLA’s chief information officer, said a computer trespasser used a program designed to exploit an undetected software flaw to bypass all security measures and gain access to the restricted database that contains information on about 800,000 current and former students, faculty and staff, as well as some student applicants and parents of students or applicants who applied for financial aid.”

A few lessons learned:
* Information security and privacy must be programmed into all applications and systems, and addressed from the very planning phases all the way through to applications/systems retirement.
* Organizations must have procedures and tools in place to identify unauthorized activities, and diligently monitor and respond to them.
* Privacy breach identification, response and notification plans must exist prior to a privacy breach to be able to respond most efficiently and appropriately.

Tags: , , , , , , , , ,

Leave a Reply