Shostack + Friends Blog Archive

 

Information Exposed For 800,000 At UCLA

Apparently it’s Identity Theft Tuesday here on Emergent Chaos.
CNN reports that a “Hacker attack at UCLA affects 800,000 people”, which includes current and former faculty, students and staff. The initial break-in was apparently in October of 2005 and access continued to be available until November 21st of this year. I am stunned that it took so long to be noticed, especially in light of Chancellor Abram’s letter which states:

We have a responsibility to safeguard personal information, an obligation that we take very seriously…I deeply regret any concern or inconvenience this incident may cause you.

It’s a real shame they didn’t have more effective security controls and monitoring systems in place. Maybe then this incident wouldn’t have happened or been detected and stopped much earlier.
[edit: fixed link to article]

5 comments on "Information Exposed For 800,000 At UCLA"

  • Anonymous says:

    This was a fantastic email to find in my inbox when I woke up this morning. The best part was that my mail client only showed me about two-thirds of the subject, “UCLA Warns of Unauthorized Access to Restricted Database,” which sent me into a brief state of panic as I tried to figure out what unauthorized access I might’ve performed in the recent past.
    Coincidentally, with regards to your previous post, I’ve met Bob Hallinen; my dad used to work with him.

  • amg says:

    Googled to see who might be writing about the recent Boeing PII (earlier this month, Dec 06) and didn’t find any links, but I did find *your* site and your article to UCLA, of which I am an alumna, and thought you’d be interested to read what Boeing has to say on this, their latest of *four* such incidents involving laptops thefts since November 2005. I’ve been directly affected, in terms of potential impact, in the November 2005 as well as this latest December 2006 incident. PS.. I’d leave my email, but due to spam, I don’t like to have it appear publically unless there is some sort of encryption or other note that it will not be posted.
    http://www.boeing.com/empinfo/emergency.html#credit

  • Arthur says:

    @amg:
    We really need to fix the template, but fwiw, we don’t post email addresses. Sorry for any confusion.

  • Chris says:

    @Amg:
    Normally, I’d write something up abt this for EC, but what can you say that hasn’t been said multiple times already?
    I follow these incidents fairly closely, and even I am getting fatigued.
    FWIW, Boeing also says they suffered thefts/loss of 250 laptops last year, out of 75K laptops issued.
    http://seattlepi.nwsource.com/local/295769_boeing13.html
    has the story.

  • amg says:

    Following up. Thanks for the replies. I was double-whammied! Called UCLA today and they confirmed that I was also on their “compromised” list. However, they pretty much throw it back on the compromisee and did not offer any sort of “free credit report” or other “credit protection” service. I wonder if the hack was intentially “deep”, ie, I graduated in 1974 and the probability of having greater theivable resources is likely greater than the currently enrolled or recently graduated. Ah, well, Tis the season to be hacked! Happy Holidays to you all.

Comments are closed.