According to a “breaking news” story distributed by the Washington Post, at 4 a.m. on Tuesday, a hacker gained entry into a supposedly secure database containing the personal records, dating back to 1998, of 309,079 faculty, staff, and students at the University of Maryland’s College Park and Shady Grove campuses.
Among other things, the compromised data includes names, addresses, telephone numbers, birth dates, social security numbers, and university id numbers.
Although the hackers did not damage any of the files, there is evidence that they copied—“made a digital Xerox of”– the entire database.
A spokesperson for the University of Maryland pointed out that the much-publicized data breaches at retailers such as Target were facilitated by failures to follow security procedures that “left a door open” to the hackers. In contrast, the hackers in this instance seem to have painstakingly developed ways of compromising each of the multiple layers of security that the university had installed in order to protect the data.
This is the largest compromise of a university’s data since a 2010 cyberattack on a database at Ohio State University in which the personal information of more than 750,000 people had been stored.
Wallace D. Loh, the President of the University of Maryland, has committed the university to covering the cost of credit monitoring for all of those affected by the security breach. He has also indicated that the university is cooperating fully with federal and state investigations into the source of the cyberattack.