University of Maryland Hacked: Attackers Steal 309,000 Records of Faculty, Staff, Students

The University of Maryland is the latest victim of a significant data breach after experiencing what school officials described as a “sophisticated computer security attack” that exposed records containing personal information.

According to a letter from Wallace Loh, President of the University, a database was breached on Feb. 18 that contained 309,079 records of faculty, staff, students and affiliated personnel from the College Park and Shady Grove campuses who have been issued a University ID since 1998.

Loh said he was notified about the breach by Brian Voss, Vice President of Information Technology, and that records accessed by the intruder(s) included name, Social Security number, date of birth, and University identification number. No other information was compromised, Loh said, including financial, academic, health, or contact information.

“With the assistance of experts, we are handling this matter with an abundance of caution and diligence,” Loh wrote in the letter. “Appropriate state and federal law enforcement authorities are currently investigating this criminal incident. Computer forensic investigators are examining the breached files and logs to determine how our sophisticated, multi-layered security defenses were bypassed. Further, we are initiating steps to ensure there is no repeat of this breach.”

Call it too little too late if you like, but Loh said the University recently doubled the number of its IT security engineers and analysts, and doubled its investment in security tools.

“Obviously, we need to do more and better, and we will,” Loh said.

“We scored this week’s data breach at the University of Maryland using the Breach Level Index, which provides a scoring scale to classify the severity of any given security event, and lend some context relative to other breaches,” Prakash Panjwani, senior vice president and general manager, Data Protection at SafeNet, told SecurityWeek.

“Using the publicly available information right now, we put this at a 7.4 out of 10, which can be categorized as a ‘severe’ breach,” Panjwani said. “The inclusion of social security numbers places it relatively high on the scale, aided by the fact that a fairly large number of personal records were compromised. It appears from the outside that the records may have been stolen by a malicious insider (this would also factor into our scoring), but we don’t know that for sure. We also still don’t know how the stolen information has been used, and if the damage can hopefully be minimized, the index score could go down.”

The University said that it is offering one year of free credit monitoring to all affected individuals.

SecurityWeek has reached out to the University to get additional details on the attack and will update this story if additional information is received.

Related Reading: Cybercriminals Increasingly Attacking University Networks

Related Reading: The College Cyber Security Tightrope: Higher Education Institutions Face Greater Risks

*Updated with commentary from SafeNet

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.
