A University of Southern California database containing about 270,000 records of past applicants was hacked last month, officials said on Tuesday.
The breach of the university’s online application database exposed “dozens” of records, which included names and Social Security numbers, to unauthorized individuals, said Katharine Harrington, USC dean of admissions and financial aid.
Harrington could not be more specific about the number of people whose personal data may have been viewed by the hacker or hackers, nor about what the motivation had been for the computer break-in.
“There was not a sufficiently precise tracking capability,” Harrington said, but added that the hackers had not been able to access multiple records at once. Records were also only able to be viewed at random, she said.
“We are quite confident that there was no massive downloading of data,” Harrington said.
USC learned of the breach June 20 when it was tipped off by a journalist, Harrington said. It has since shut down the Web site and has notified people whose names and Social Security numbers were in the database that was breached.
The university was not able to identify exactly which records may have been exposed.
The site will be back up once new security measures are taken, the university said in a written statement.
A California law that took effect two years ago requires institutions to inform those affected when their personal information has been stolen or accidentally released.
A number of states are considering similar legislation, and a bill is pending in the U.S. Senate that would also require institutions to tell people when the privacy of their personal information has been compromised.
Consumer advocates say such notification is important because it provides an opportunity for consumers to put a fraud alert on their credit file.
Identity theft is the top consumer fraud complaint, according to the Federal Trade Commission, which estimates that some 10 million people are affected each year.
News source: Zdnet