CNET también está disponible en español.

Ir a español

Don't show this again


Data thieves nab 55,000 student records

Online attackers steal information on students and faculty from insecure database servers at the University of Texas at Austin.

Online attackers stole information on more than 55,000 students and faculty from insecure database servers at the University of Texas at Austin, the school said on Wednesday.

Discovered Sunday night, the attack used millions of randomly generated Social Security numbers to request records from the school's database, resulting in 55,200 matches, Daniel A. Updegrove, the university's vice president of information technology, said in a statement. In addition to Social Security numbers, the data includes names, addresses and e-mail addresses.

"U.T., in conjunction with the U.S. Attorney's Office, the U.S. Secret Service and other law enforcement agencies, has focused its efforts since Sunday evening on identifying the perpetrator of the break-in and recapturing the stolen data," Updegrove said in the statement. "To date there is no evidence that the stolen data have been distributed beyond the computer of the perpetrator."

The data heist comes after several major thefts that have put a spotlight on the inadequate protection of consumer data. In February, a data processing center in Nebraska revealed that 8 million credit card numbers had been stolen from its servers, and, in January, the University of Kansas acknowledged that online attackers had snagged the records of 1,400 international students.

Updegrove could not immediately be reached for comment, nor could representatives at the Austin, Texas, offices of the U.S. Secret Service and the U.S. Attorney General.

Past and present students, faculty, staff and job applicants could be affected, according to the statement. Officials at the university are discussing the best way to inform those whose data is at risk. The university stressed in the advisory that student academic records and personal health information were not disclosed.