Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

University of Maryland Hacked: Attackers Steal 309,000 Records of Faculty, Staff, Students

The University of Maryland is the latest victim of a significant data breach after experiencing what school officials described as a “sophisticated computer security attack” that exposed records containing personal information.

The University of Maryland is the latest victim of a significant data breach after experiencing what school officials described as a “sophisticated computer security attack” that exposed records containing personal information.

According to a letter from Wallace Loh, President of the University, a database was breached on Feb. 18 that contained 309,079 records of faculty, staff, students and affiliated personnel from the College Park and Shady Grove campuses who have been issued a University ID since 1998.

University of Maryland

Loh said he was notified about the breach by Brian Voss, Vice President of Information Technology, and that records accessed by the intruder(s) included name, Social Security number, date of birth, and University identification number. No other information was compromised, Loh said, including financial, academic, health, or contact information.

“With the assistance of experts, we are handling this matter with an abundance of caution and diligence,” Loh wrote in the letter. “Appropriate state and federal law enforcement authorities are currently investigating this criminal incident. Computer forensic investigators are examining the breached files and logs to determine how our sophisticated, multi-layered security defenses were bypassed. Further, we are initiating steps to ensure there is no repeat of this breach.”

Call it too little too late if you like, but Loh said the University recently doubled the number of its IT security engineers and analysts, and doubled its investment in security tools.

“Obviously, we need to do more and better, and we will,” Loh said.

“We scored this week’s data breach at the University of Maryland using the Breach Level Index, which provides a scoring scale to classify the severity of any given security event, and lend some context relative to other breaches,” Prakash Panjwani, senior vice president and general manager, Data Protection at SafeNet, told SecurityWeek.

“Using the publicly available information right now, we put this at a 7.4 out of 10, which can be categorized as a ‘severe’ breach,” Panjwani said. “The inclusion of social security numbers places it relatively high on the scale, aided by the fact that a fairly large number of personal records were compromised. It appears from the outside that the records may have been stolen by a malicious insider (this would also factor into our scoring), but we don’t know that for sure. We also still don’t know how the stolen information has been used, and if the damage can hopefully be minimized, the index score could go down.”

Advertisement. Scroll to continue reading.

The University said that it is offering one year of free credit monitoring to all affected individuals.

SecurityWeek has reached out to the University to get additional details on the attack and will update this story if additional information is recieved.

Relared Reading: Cybercriminals Increasingly Attacking University Networks

Related ReadingThe College Cyber Security Tightrope: Higher Education Institutions Face Greater Risks

*Updated with commentary from SafeNet

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is founder and director of several leading cybersecurity industry conferences around the world.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this event as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack.

Register

Learn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.

Register

People on the Move

Wendi Whitmore has taken the role of Chief Security Intelligence Officer at Palo Alto Networks.

Phil Venables, former CISO of Google Cloud, has joined Ballistic Ventures as a Venture Partner.

David Currie, former CISO of Nubank and Klarna, has been appointed CEO of Vaultree.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.