President Wallace Loh notified the student body last Wednesday of a large-scale data breach that affected over 300,000 students and faculty since 1998.
The records hacked included name, Social Security number, date of birth, and university identification number. No financial, academic, health, or contact information was taken.
“The fact that my social security number has been compromised is huge. That’s wild! How did that happen?” questioned junior Danielle Burgess. “I’m also frustrated that it took 24 hours for us, the student body to find out about the attack. “
Brian Voss, Vice President of Information Technology, thinks that whoever got into the database duplicated the information. The hackers did not change anything within the university’s computer system, but Voss told the Washington Post that attackers essentially “made a Xerox of it and took off.”
Voss thought that the hackers had a “very significant understanding” of how the school’s data are designed and protected, hinting at the idea of an inside job.
The government lists identity fraud as one of the fastest growing crimes in America. A stolen Social Security number can cause a lot of problems for students. The hackers can easily open credit cards and sign up for bank loans using your identity, eventually ruining your credit and putting you in deep debt. Those who have access to the social security numbers can even pose as you to get a job in the future, which is why social security numbers are often stolen on black markets.
“Those poor people who graduated in 1998,” said junior Kristin Van Trieste. “But if the hackers used my social security number, I don’t think that they really would be able to open a credit card in my name because I have no credit.”
It appears that current students do not feel nervous about the potential loss of their identities since they lack credit, as many have “no opinions” on the hack, or don’t know about the dangers of losing their identity.
“I don’t fully understand the damage that people can do with your social security number,” admitted sophomore journalism major Alexandra Pamias.
Some simply forwarded the email from President Loh on to parents to take care of and worry about. The breach will most likely impact faculty and students who have graduated several years ago that have gained credit.
“I can say that I trust the UMD will make sure this never happens again cause according to everyone’s reaction, it was pretty bad,” Pamias said.
Affected University affiliates will receive one year of free credit monitoring from Experian’s ProtectMy ID Alert. Credit monitoring alerts subscribers of any suspicious changes to their credit in hopes of combatting identity fraud.
This service helps detect possible misuse of your personal information and provides you with superior identity protection support focused on immediate identification and resolution of identity theft.
Once the membership is activated, users will receive a free copy of their Experian credit report, surveillance alerts for Daily Bureau Credit Monitoring, alerts of key changes and suspicious activity found on your Experian credit report and Identity Theft Resolution & ProtectMyID ExtendCARE.
The university is handling the breach with an investigative task force that includes law enforcement, IT leadership, and computer forensic investigators. UMD also partnered with MITRE, a leading systems engineering company specializing in cybersecurity, to provide additional forensic analysis on how this attack happened and how to prevent such attacks in the future.
Data breaches are becoming much more common. A website, Databreach.net attempts to keep track of every single data breach that hits the news. Several occurrences have already occurred this year at universities involving data breaches.
However, similar situation regarding Social Security numbers occurred in 2010 at Ohio State when hackers hacked a server that contained the names, birth dates and Social Security numbers of 750,000 people. In 2013, at the University of Virginia, 18,000 individuals were affected when Social Security numbers were accidentally printed on health insurance brochures mailed to homes. Almost exactly a year ago last February, the names and Social Security Numbers of 1,294 University of Florida employees were accidentally released and available on Google. This marked the 14th data breach at UF in 3 years.
If your information was compromised, especially your credit card, to protect yourself, place an initial fraud alert with Equifax or TransUnion and order a credit report, and monitor your credit cards and bank accounts.
At this time, the University of Maryland does not know what will happen with the hacked information, or if the intent was malicious, just that it was a “sophisticated” breach.
The University of Maryland data breach occurred in the wake of two of the largest retailer data breaches ever at Target, with 70 million people affected, and Neiman Marcus. In 2013, there were 378 million victims of cybercrime.
Yesterday, on February 24, Attorney General Eric Holder released a statement calling for the requirement of businesses to quickly alert consumers and law enforcement agencies in the wake of significant data breaches. President Wallace Loh promptly acted to notify the community of the data breach.