More than 300,000 personal records of students, faculty and staff at the University of Maryland were taken Tuesday in what the school’s president called a “sophisticated computer security attack.”
The database that was hacked contained names, Social Security numbers and birthdates of people who have been issued a University of Maryland ID since 1998. The school said no financial, academic, contact, or health information was compromised.
In a letter to the University of Maryland community, President Wallace D. Loh said that computer forensic investigators “are examining the breached files to determine how our sophisticated, multi-layered security defenses were bypassed,” and are taking steps to ensure a breach doesn’t happen again.
The university said it will offer one year of free credit monitoring to anyone affected by the breach.
Loh noted in his letter that the school had recently doubled its number of Information Technology engineers and analysts.
“Obviously we need to do more and better, and we will,” Loh wrote.
Many universities have been victimized by data breaches over the past few years, including Stanford, Harvard, University of Delaware, University of Arizona and Florida State.
“Universities are a focus in today's global assaults on IT systems,” Loh noted.
According to an analysis by Risk Based Security of the data breach incidents reported during 2013, there were 2,164 incidents reported in 2013 — exposing 822 million records.
While the number of breach incidents declined from 2012 to 2013, the number of records exposed more than tripled.
Data breaches at universities last year accounted for 5.5 percent of all breaches and just 0.4 percent of exposed records. But among industries experiencing multiple breaches from 2006 to 2013, universities topped the list — experiencing 565 repeat incidents in 2013.