Data breach at University of Maryland exposes 300K records

School president apologies for a "sophisticated" security breach that exposed the sensitive personal information faculty, staff, and students at the school since 1998.

Steven Musil Night Editor / News
Steven Musil is the night news editor at CNET News. He's been hooked on tech since learning BASIC in the late '70s. When not cleaning up after his daughter and son, Steven can be found pedaling around the San Francisco Bay Area. Before joining CNET in 2000, Steven spent 10 years at various Bay Area newspapers.
Expertise I have more than 30 years' experience in journalism in the heart of the Silicon Valley.
Steven Musil
2 min read

The sensitive personal information for more than 300,000 faculty, staff, and students at the University of Maryland were stolen in a "sophisticated" cyberattack on the school's recently bolstered security defenses, the school's president revealed late Wednesday.

The names, Social Security numbers, and birth dates of 309,079 individuals affiliated with school's College Park and Shady Grove campuses who were issued a university identification card since 1998 were exposed in Tuesday's attack, according to an apology issued Wednesday by university President Wallace Loh. However, no financial, academic, or contact information was compromised, Loh said.

The university said state and federal law enforcement authorities are investigating the cyberattack and that computer forensics investigators were working to determine how the university's defenses were breached.

"With the assistance of experts, we are handling this matter with an abundance of caution and diligence," Loh said in a statement. "Computer forensic investigators are examining the breached files and logs to determine how our sophisticated, multi-layered security defenses were bypassed."

The school said it is offering a year of free credit monitoring to affected individuals.

Noting that universities have become a popular target for hackers, Loh indicated that the attack came on the heels of a security overhaul at the university.

"We recently doubled the number of our IT security engineers and analysts," Loh wrote. "We also doubled our investment in top-end security tools. Obviously, we need to do more and better, and we will."

The security breach ranks among the largest suffered by US universities. A security breach of a database at the University of California, Los Angeles in 2006 exposed the private information of about 800,000 people, including students, staff, applicants and some students' parents. A year earlier, the University of Southern California suffered a security breach of a database containing personal information on 275,000 applicants over an eight-year period.