The University of Maryland announced yesterday that it was the victim of a sophisticated computer security attack that exposed records containing the personal information of 309,079 faculty, staff, students and affiliated personnel from the College Park and Shady Grove campuses.
The breach, which occurred on Tuesday, affected those individuals who have been issued a university ID since 1998. The records included name, Social Security number, date of birth, and university identification number. School officials say no other information was compromised – no financial, academic, health, or contact (phone, address) information.
“With the assistance of experts, we are handling this matter with an abundance of caution and diligence,” said university President Wallace Loh in a statement that was released on Wednesday. “Appropriate state and federal law enforcement authorities are currently investigating this criminal incident. Computer forensic investigators are examining the breached files and logs to determine how our sophisticated, multi-layered security defenses were bypassed. Further, we are initiating steps to ensure there is no repeat of this breach.”
The university is offering one year of free credit monitoring to all affected persons.
Loh said the school recently doubled the number of its IT security engineers and analysts.
“We also doubled our investment in top-end security tools,” she said. “Obviously, we need to do more and better, and we will.”