The University of Maryland yesterday acknowledged that it was the victim of a “sophisticated computer security attack” on February 18, 2014 that exposed a database of more than 300,000 faculty, staff and student records (h/t Softpedia).
The speed of the university’s response, issuing a statement within 24 hours of the breach itself, is impressive.
The database, maintained by the university’s IT division, contained the names, Social Security numbers, birthdates and university ID numbers of 309,079 faculty, staff, students and affiliated personnel from the university’s College Park and Shady Grove campuses who had been issued a university ID since 1998.
University CIO Brian Voss told the Diamondback, the school’s student newspaper, that the hackers “broke through multiple layers of security” to access the data.
“I wish it was an easy solution, that a mistake was made or a door was left open,” Voss said. “What troubles me as an IT professional is I know the university security is really good — really good. That someone was able to get through is a real point of concern not just for the University of Maryland, but for everybody.”
“Appropriate state and federal law enforcement authorities are currently investigating this criminal incident,” university president Wallace D. Loh said in a statement. “Computer forensic investigators are examining the breached files and logs to determine how our sophisticated, multi-layered security defenses were bypassed. Further, we are initiating steps to ensure there is no repeat of this breach.”
All those affected are being offered one year of free credit monitoring. Anyone with questions is advised to contact (301) 405-4440 or [email protected]