July 19, 2005
Univ. of Southern Calif. says database hacked
LOS ANGELES (Reuters) - A University of Southern California
database containing about 270,000 records of past applicants
including their names and Social Security numbers was hacked
last month, officials said on Tuesday.
The breach of the university's online application database
exposed "dozens" of records to unauthorized individuals, said
Katharine Harrington, USC dean of admissions and financial aid.
whose personal data may have been viewed by the hacker or
hackers or what their motivation was for the computer break-in.
"There was not a sufficiently precise tracking capability,"
Harrington said, but added that the hackers had not been able
to access multiple records at once. Records were also only able
to be viewed at random, she said.
"We are quite confident that there was no massive
downloading of data," Harrington said.
USC learned of the breach June 20 when it was tipped off by
a journalist, Harrington said. It has since shut down the Web
site and has notified people whose names and Social Security
numbers were in the database of the security breach.
The university was not able to identify exactly which
records may have been exposed.
The site will be back up once new security measures are
taken, the university said in a written statement.
A California law that took effect two years ago requires
institutions to inform those affected when their personal
information has been stolen or accidentally released.
A number of states are considering similar legislation, and
a bill is pending in the U.S. Senate that would also require
institutions to tell people when the privacy of their personal
information has been compromised.
Consumer advocates say such notification is important
because it provides an opportunity for consumers to put a fraud
alert on their credit file.
Identity theft is the top consumer fraud complaint,
according to the Federal Trade Commission, which estimates that
some 10 million people are affected each year.