The University of Maryland is the latest victim of a significant data breach after experiencing what school officials described as a “sophisticated computer security attack” that exposed records containing personal information.
According to a letter from Wallace Loh, President of the University, a database was breached on Feb. 18 that contained 309,079 records of faculty, staff, students and affiliated personnel from the College Park and Shady Grove campuses who have been issued a University ID since 1998.
Loh said he was notified about the breach by Brian Voss, Vice President of Information Technology, and that records accessed by the intruder(s) included name, Social Security number, date of birth, and University identification number. No other information was compromised, Loh said, including financial, academic, health, or contact information.
“With the assistance of experts, we are handling this matter with an abundance of caution and diligence,” Loh wrote in the letter. “Appropriate state and federal law enforcement authorities are currently investigating this criminal incident. Computer forensic investigators are examining the breached files and logs to determine how our sophisticated, multi-layered security defenses were bypassed. Further, we are initiating steps to ensure there is no repeat of this breach.”
Call it too little too late if you like, but Loh said the University recently doubled the number of its IT security engineers and analysts, and doubled its investment in security tools.
“Obviously, we need to do more and better, and we will,” Loh said.
“We scored this week’s data breach at the University of Maryland using the Breach Level Index, which provides a scoring scale to classify the severity of any given security event, and lend some context relative to other breaches,” Prakash Panjwani, senior vice president and general manager, Data Protection at SafeNet, told SecurityWeek.
“Using the publicly available information right now, we put this at a 7.4 out of 10, which can be categorized as a ‘severe’ breach,” Panjwani said. “The inclusion of social security numbers places it relatively high on the scale, aided by the fact that a fairly large number of personal records were compromised. It appears from the outside that the records may have been stolen by a malicious insider (this would also factor into our scoring), but we don’t know that for sure. We also still don’t know how the stolen information has been used, and if the damage can hopefully be minimized, the index score could go down.”
The University said that it is offering one year of free credit monitoring to all affected individuals.
SecurityWeek has reached out to the University to get additional details on the attack and will update this story if additional information is recieved.
Relared Reading: Cybercriminals Increasingly Attacking University Networks
Related Reading: The College Cyber Security Tightrope: Higher Education Institutions Face Greater Risks
*Updated with commentary from SafeNet

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.
More from Mike Lennon
- Watch Now: Threat Detection and Incident Response Virtual Summit
- Registration Now Open: 2023 ICS Cybersecurity Conference | Atlanta
- NetRise Adds $8 Million in Funding to Grow XIoT Security Platform
- Virtual Event Today: Zero Trust Strategies Summit
- Virtual Event Tomorrow: Zero Trust Strategies Summit
- Watch: How to Build Resilience Against Emerging Cyber Threats
- Video: How to Build Resilience Against Emerging Cyber Threats
- Webinar Today: Understanding Hidden Third-Party Identity Access Risks
Latest News
- Google Temporarily Offering $180,000 for Full Chain Chrome Exploit
- Russia Blames US Intelligence for iOS Zero-Click Attacks
- Toyota Discloses New Data Breach Involving Vehicle, Customer Information
- Cisco Acquiring Armorblox for Predictive and Generative AI Technology
- Moxa Patches MXsecurity Vulnerabilities That Could Be Exploited in OT Attacks
- Amazon Settles Ring Customer Spying Complaint
- Organizations Warned of Salesforce ‘Ghost Sites’ Exposing Sensitive Information
- Adobe Inviting Researchers to Private Bug Bounty Program
