Feeds

Uni of Maryland hacked: 300,000 SSNs of staff, students, alumni swiped

Secret Service called in after NSA's favorite campus ravaged

Choosing a cloud hosting partner with confidence

Former and current staff and students at the University of Maryland are going to be getting a free year of credit score protection after hackers slurped the names, social security numbers, dates of birth, and university identification numbers for 309,079 people.

"The University of Maryland was the victim of a sophisticated computer security attack that exposed records containing personal information," said Brian Voss, vice-president of the university's IT department, in a statement today. "Since that time, we have been working around the clock to ensure the breach has been contained and that other data systems are protected."

Voss said campus police are investigating the attack, along with the US Secret Service, and the university has retained the services of security firm MITRE to investigate what was lost and how to beef up network security.

The Secret Service doesn't always investigate hacking attacks like this, but the University of Maryland is rather special; the campus is 20 miles down the road from Fort Meade, home to the NSA, and the spy agency maintains a secure facility among the university's ivory towers of academia, along with the Maryland Cybersecurity Center.

In one of those twists of fate that makes life so fun, NSA whistleblower Edward Snowden got his first job at the university as a security guard at the agency's on-campus facility, according to The Guardian.

But it's unlikely that the hackers were targeting the uni to snaffle data on No Such Agency, based on the personal information they lifted. Rather this looks like a simple case of financial fraud of a type that is proving increasingly common on academic networks.

Student records are very popular with financial fraudsters. Not only are students notoriously sloppy about keeping an eye on their credit history, they also tend to have completely clean records, both of which make it easier to use their identities for fraud.

The attack is good news for some, however. Experian will land a major contract to provide a year's credit-checking services for more than 300,000 students – a service that usually costs $16 a month. No doubt the university will have negotiated a discount, but it must still count as a major win for the company. ®

Beginner's guide to SSL certificates

More from The Register

next story
NASTY SSL 3.0 vuln to be revealed soon – sources (Update: It's POODLE)
So nasty no one's even whispering until patch is out
Russian hackers exploit 'Sandworm' bug 'to spy on NATO, EU PCs'
Fix imminent from Microsoft for Vista, Server 2008, other stuff
US government fines Intel's Wind River over crypto exports
New emphasis on encryption as a weapon?
To Russia With Love: Snowden's pole-dancer girlfriend is living with him in Moscow
While the NSA is tapping your PC, he's tapping ... nevermind
Forget passwords, let's use SELFIES, says Obama's cyber tsar
Michael Daniel wants to kill passwords dead
Slap for SnapChat web app in SNAP mishap: '200,000' snaps sapped
This is what happens if you hand your username and password to a 3rd-party
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.