The student, 20-year-old Christopher Andrew Phillips, turned himself in to the U.S. Secret Service and was scheduled to appear in federal court Friday. The charges stem from data, which included the stolen records, gleaned from the student's hard drives, the U.S. Attorney's Office for the Western District of Texas said in a statement.
"On March 5, 2003, Secret Service agents carried out search warrants at Phillips' residences in Austin and Houston and seized several computers," the statement issued Friday said. "On a computer found in his Austin residence, agents recovered downloaded names and Social Security numbers and the computer program used to access the UT database."
The database--called "an administrative data reporting system"--holds general information about students, faculty and employees at the university, including people's name, Social Security number, e-mail address, title, department name, department address and department phone number.
A security flaw in the database's design allowed records to be accessed with only a valid Social Security number. Phillips is thought to have created a program that tried more than 3 million numbers, which resulted in approximately 55,000 records being found. His attorney could not be reached for comment.
The charges are a new twist in a case that began March 2, whenwhen accessing an administrative database. The school quickly realized that the loss of connectivity had been caused by an unauthorized user monopolizing the database.
The University of Texas at Austin is continuing to try to contact everyone whose information may have been put at risk by the online break-in. The school has created a Web site to help students and faculty know if their own data is at risk.
While law enforcement officials don't believe that any data has been leaked to the Internet at large, they warned that affected people should still watch their credit reports and other important information carefully. "Persons who may have been directly affected by this incident should remain on alert for possible misuse of their names and Social Security numbers and promptly report any suspected illegal activity to the United States Secret Service," the U.S. Attorney's Office said in the statement.