The University of Central Florida has announced that a hacker entered their system, gaining access to 63,000 Social Security numbers belonging to both current and former students, as well as staff members, going back to the 1980s.
In an online letter, UCF President John Hitt said the breach in the university’s network had been discovered by school officials last month, at which point law enforcement was notified. An investigation has since been launched by the school with the help of a national digital forensics firm.
The FBI’s Jacksonville office is working with UCF police and other agencies to investigate the incident and has sent out notifications to all US colleges as part of an effort to determine potential victims. FBI officials would not say anything further on the topic, writes Gabrielle Russon for The Orlando Sentinel.
School officials noted that the hacker was not able to access credit card information, financial information, or medical records.
UCF told Michelle Dendy for News 6 that the breach affected current student athletes as well as those who played last year, UCF Athletics support staff, undergraduate student employees, graduate assistants, housing residence assistants, adjunct faculty members, and both current and former student government leaders.
“Safeguarding your personal information is of the utmost importance at UCF. To ensure our vigilance, I have called for a thorough review of our online systems, policies and training to determine what improvements we can make in light of this recent incident,” Hitt wrote.
Joel Hartman, who oversees the university’s information technology department, said it is unknown who the hacker is, although he believes it to have been performed by multiple individuals over a period of time.
Hitt has authorized a review of the school’s online systems in an effort to determine improvements that can be made as a result of the breach in order to ensure future attacks are unsuccessful, reports Sherri Lonon for The Brandon Patch.
“To ensure our vigilance, I have called for a thorough review of our online systems, policies and training to determine what improvements we can make in light of this recent incident.”
Potential victims are being notified by school officials through a letter that was sent out at the end of last week. The school is offering them one free year of credit monitoring and identity protection services.
In addition, the school has set up a call center for those with questions. The center, which can be reached at 877-752-5527, will be open between 9 a.m. and 9 p.m. EST Monday through Friday. A website will also be updated with details pertaining to the incident as well as recommendations.
According to Von Welch, director of Indiana University’s Center for Applied Cybersecurity Research, the incident shows just how adept hackers have become at stealing information, and how protecting information online has become a new reality for schools and governments, among other agencies. He added that because these places have such large databases, it only takes one mistake to allow a hacker to gain access.