COLLEGE PARK, Md. (AP) — The president of the University of Maryland says a computer security attack breached a database that contains personal information about more than 300,000 faculty, staff, students and others.
Wallace Loh said in a statement posted Wednesday on the university's website that the database contained records of those have been issued a university ID since 1998.
Loh said the database has information from the College Park and Shady Grove campuses. The records include name, Social Security number, date of birth and university identification number.
The university is working to determine how the breach occurred, and Loh says state and federal law enforcers are investigating.
The University is offering one year of free credit monitoring to anyone affected by the breach.
Copyright 2014 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.
Letter from University of Maryland President Wallace D. Loh
February 19, 2014
Dear students, faculty, and staff of the University of Maryland (at College Park and Shady Grove):
Last evening, I was notified by Brian Voss, Vice President of Information Technology, that the University of Maryland was the victim of a sophisticated computer security attack that exposed records containing personal information.
I am truly sorry. Computer and data security are a very high priority of our University.
A specific database of records maintained by our IT Division was breached yesterday. That database contained 309,079 records of faculty, staff, students and affiliated personnel from the College Park and Shady Grove campuses who have been issued a University ID since 1998. The records included name, Social Security number, date of birth, and University identification number. No other information was compromised -- no financial, academic, health, or contact (phone, address) information.
With the assistance of experts, we are handling this matter with an abundance of caution and diligence. Appropriate state and federal law enforcement authorities are currently investigating this criminal incident. Computer forensic investigators are examining the breached files and logs to determine how our sophisticated, multi-layered security defenses were bypassed. Further, we are initiating steps to ensure there is no repeat of this breach.
The University is offering one year of free credit monitoring to all affected persons. Additional information will be communicated within the next 24 hours on how to activate this service.
University email communications regarding this incident will not ask you to provide personal information. Please be cautious when sharing personal information.
All updates regarding this matter will be posted to this website. Additional information is provided in the FAQs below. If you have any questions or comments, please call our special hotline at 301-405-4440 or email us at email@example.com.
Universities are a focus in today's global assaults on IT systems. We recently doubled the number of our IT security engineers and analysts. We also doubled our investment in top-end security tools. Obviously, we need to do more and better, and we will.
Again, I regret this breach of our computer and data systems. We are doing everything possible to protect any personal information that may be compromised.
Wallace D. Loh
President, University of Maryland
How many files were breached?
—We have been notified by Brian Voss, Vice President of Information Technology, that a computer security incident at the University of Maryland exposed approximately 309,079 records containing personal information.
Who was affected by the breach?
—That database contained 309,079 records of faculty, staff, students and affiliated personnel from College Park and Shady Grove campuses who have been issued a University ID since 1998.
What kind of data was accessed?
—The records included name, Social Security number, date of birth, and University identification number. No financial, academic, contact, or health information was compromised.
How did it occur?
—The cause of the security breach is currently under investigation by state and federal law enforcement authorities, as well as forensic computer investigators.
How is the university responding?
—Within 24 hours, the University formed an investigative task force that includes law enforcement, IT leadership, and computer forensic investigators. We are also making every effort to notify the campus community and those who were previously affiliated with the university as students, faculty or staff. In addition, the University is offering one year of free credit monitoring to all who were affected.
What else can I do to protect myself?
—We recommend that you be mindful of these general tips: Do not share personal information over the phone, email or text. Instead, ask for a call-back number so you can verify with whom you are communicating. Delete texts immediately from unfamiliar numbers or names because of the risk of malware and other viruses. Never click links within emails that you do not recognize. Be cautious when responding to emails that direct you to suspicious websites.
What should affected persons do next?
—Additional information will be on the University homepage within 24 hours. A special hotline has also been established if you have questions about this incident. You can call 301.405.4440 or email us at firstname.lastname@example.org.
WTTG FOX 5 & myfoxdc
Didn't find what you were looking for?