Contractor Claims U of Maryland Warned of Cyber Risks Before Breach

A former contract IT worker, who says he's a whistleblower, posted the school president's personal information online to call attention to vulnerabilities.
Published: April 14, 2014

A former University of Maryland contract IT worker is being investigated by the FBI for posting the school president’s personal information online. The software engineer claims he posted the information to draw attention to the university’s cyber security vulnerabilities.

David Helkowski told the Baltimore Sun that he notified school officials about their network security flaws four months before a cyber attack in February exposed the sensitive information of nearly 300,000 people. The hole didn’t get fixed and got bigger after he notified the university, he claims. Helkowski says he reported the problem again, after the breach, this time to campus police. Although he met with the school and his employer, a few weeks later he found the same security gaps.

Out of frustration, Helkowski then posted the cell phone numbers and Social Security number of University of Maryland President Wallace D. Loh. He says he posted the information to draw attention to the problems. He now admits that he went too far in posting the school president’s personal information.

He claims he was never involved in February’s massive data breach but grew frustrated with the school’s inaction after he reported the vulnerability to officials.

——Article Continues Below——

Get the latest industry news and research delivered directly to your inbox.

Helkowski has been fired from his position at the Canton Group, the contractor hired by the university to assist with cyber security issues.

ADVERTISEMENT
ADVERTISEMENT
Strategy & Planning Series
Strategy & Planning Series
Strategy & Planning Series
Strategy & Planning Series
Strategy & Planning Series