Prosecutors allege the San Diego man nabbed sensitive info on more than 275,000 people from a university system.
On Monday, the U.S. Attorney's Office in Los Angeles filed a criminal complaint against Eric McCarty, a network administrator, for allegedly exploiting a vulnerability in a USC database that hosts and stores student applications. Officially, he's charged with "intentionally transmitting a code or command to cause damage to the USC online application system," according to the U.S. Attorney's office.
Michael Zweiback, an assistant U.S. attorney in the cybercrimes and intellectual property unit, said that the case reflects a growing trend among hackers.
"Universities are becoming bigger and bigger targets to the hacker community because they are large institutions...and hackers always want to see if they can beat the technical people on the other side," Zweiback said.
According to the complaint, McCarty allegedly used his home computer on June 17 last year to hack into a password-protected USC database. It contained data on more than 275,000 applicants from 1997 through that time, including Social Security numbers and birthdates. USC shut down the Web site on June 21 after learning about the hack from SecurityFocus. The site was offline for two weeks.
The FBI, which investigated the breach, found McCarty through the Internet Protocol number on his home computer.
McCarty faces up to 10 years in federal prison if convicted of computer hacking. He is scheduled to appear in Los Angeles District Court on April 28.