Data Security Breach at UCLA

From: Shelton Waggener <shelw_at_berkeley.edu>
Date: Wed, 13 Dec 2006 10:01:37 -0800 (PST)

IT Professionals,

Yesterday UCLA announced it was responding to a security breach of a core
system that contained records of over 800,000 students, staff, faculty and
alumni. While security incidents and data theft are becoming all too
common, the type of breach at UCLA represents a far more serious trend.
Past incidents were commonly the result of a stolen laptop or suspicious
virus on a machine where the motive was often something other than the
data theft. However, recent experiences point to an increase in
systematic attacks on higher education institutions where systems are
probed and weaknesses exploited specifically for the purpose of stealing
identity information. The primary system exposed at UCLA was managed by
professional IT staff, appeared to be properly maintained, and was
regularly patched. However, exploits of this type often come through a
secondary computer that had a previously unknown security flaw which
allows access to a large centrally managed data store. In this incident,
the exploited data was accessed and available to the hackers beginning as
early as October 2005.

At Berkeley, we have all been working to improve our security measures,
protections, and response procedures. The required compliance with the
minimum security standards and recent release of the RDM application
(http://rdm.berkeley.edu) will provide further opportunity to secure
sensitive data that campus manages. However, this is a situation where
our work is truly never done. As stewards of campus data and the
technology that supports it, please take the time to review your security
procedures and double check patch levels for all applications and systems
under your management. Please speak to your manager, director, or Dean
to bring to their attention any situations which you believe could put any
campus data at risk so appropriate actions can be taken.

More information regarding the UCLA situation can be found at:

http://www.latimes.com/news/local/la-me-ucla12dec12,0,7111141.story?coll=la-home-headlines
http://newsroom.ucla.edu/page.asp?RelNum=7571
http://www.identityalert.ucla.edu/

Regards
Shel

-- 
Shelton Waggener
Associate Vice Chancellor & CIO
University of California, Berkeley
2195 Hearst Ave., Suite 200
Berkeley, CA 94720-3812
mailto: shelw_at_berkeley.edu
510-642-4096
Received on Wed Dec 13 2006 - 10:20:24 PST
