Attackers breached a University of Maryland database containing more than 300,000 student, faculty, staff, and other affiliated records on Tuesday, according to an apology issued by the university’s president, Wallace D. Loh.
While it is not clear exactly how many individuals are affected by the breach, the compromised database contained the records of every person issued a university identification at both the College Park and Shady Grove campuses since 1998. In total, the database stored 309,079 records.
The breach exposed Social Security numbers, names, dates-of-birth, and university identification numbers. As is a common motif among data breach notifications, this one also announced some information that was not exposed by the breach. Namely, no phone numbers or addresses or payment, academic, or health information was compromised.
The breach is currently under investigation, and the school – which is claiming it “was the victim of a sophisticated computer security attack” – is not commenting on the technical details of the intrusion.
“Computer forensic investigators are examining the breached files and logs to determine how our sophisticated, multilayered security defenses were bypassed,” Loh said in a statement. “Further, we are initiating steps to ensure there is no repeat of this breach.”
The university is cautioning students and others who may have been affected by the breach to use caution when exchanging personal information online. The university says it will not contact anyone via email and ask them provide personal information regarding the incident. Should anyone be contacted over they phone, they are advised to ask for a call-back number so they can verify they identity of the person attempting to contact them.
“Universities are a focus in today’s global assaults on IT systems. We recently doubled the number of our IT security engineers and analysts. We also doubled our investment in top-end security tools. Obviously, we need to do more and better, and we will.”
The University is offering one year of free credit monitoring services to anyone affected by the breach.
Calls to the University were not returned by the time of publication.