Maryland university data breach compromises 300,000 records

News by Doug Drinkwater

The University of Maryland in the US says that a "sophisticated" cyber-attack exposed sensitive personal data on more than 300,000 faculty, staff and students who attended the school since 1998.

University president Wallace Loh apologised for Tuesday's cyber-attack on the school's website on Thursday, and noted that the data breach affected 309,079 individuals affiliated with the school's College Park and Shady Campus sites since 1998. 

Loh said that names, social security numbers and birth dates had been compromised of persons who had their own university ID card, but stressed that the data breach hadn't resulted in a loss of financial, academic or contact information.

“I am truly sorry. Computer and data security are a very high priority of our University,” wrote Loh.

“A specific database of records maintained by our IT Division was breached yesterday. That database contained 309,079 records of faculty, staff, students and affiliated personnel from the College Park and Shady Grove campuses who have been issued a University ID since 1998. The records included name, Social Security number, date of birth, and University identification number. No other information was compromised -- no financial, academic, health, or contact (phone, address) information.”

State and federal law enforcement authorities are now investigating the attack, while computer forensic investigators are looking at the how the school's “multi-layered” IT defences were breached. The university is, as some way of compensation, offering one year of free credit monitoring to all affected persons.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews