Nearly 310,000 affected in University of Maryland breach
University of Maryland is the latest higher learning institution to have suffered a data breach of considerable scope and proportions, as nearly 310,000 records of staff and students have been copied and exfiltrated from its networks.
“A specific database of records maintained by our IT Division was breached yesterday. That database contained 309,079 records of faculty, staff, students and affiliated personnel from the College Park and Shady Grove campuses who have been issued a University ID since 1998,” Wallace D. Loh, the university’s President, explained in a statement published on the website on Wednesday.
“The records included name, Social Security number, date of birth, and University identification number. No other information was compromised – no financial, academic, health, or contact (phone, address) information.”
According to The Diamondback, the breach happened on Tuesday between 4 and 5 a.m., and was detected between 8 and 9 a.m. on the same day.
Brian Voss, the university’s VP of Information Technology, shared that the attackers didn’t bother with altering data in the university’s networks. Also, that they apparently were very capable.
“Someone worked around very stringent security and gained access to this data. Whoever did this broke through multiple levels of security in order to get this file,” said Voss, and pointed out that the breach was not successful because someone left a door open or made a mistake.
“Universities are a focus in today’s global assaults on IT systems. We recently doubled the number of our IT security engineers and analysts. We also doubled our investment in top-end security tools. Obviously, we need to do more and better, and we will,” commented Loh.
“Computer forensic investigators are examining the breached files and logs to determine how our sophisticated, multi-layered security defenses were bypassed.”
Law enforcement has also been included in the investigation.
The University intends to offer one year of free credit monitoring to all affected persons, and has warned them to be careful of phishing emails and phone calls that might impersonate the university and ask them to share personal and financial information.