Hackers have compromised the personal information of more than 309,000 students, staff and alumni at the University of Maryland dating back 16 years, the school announced. University of Maryland President Wallace Loh called it a "sophisticated attack" on the school's multi-layered security defenses.
The database that was targeted contained the social security number, date of birth, name and university ID number of faculty, staff, students, and affiliated personnel at the university's College Park and Shady Grove campuses who have been issued with a University ID since 1998. Financial, health, academic and contact information aren't believed to be at risk, Loh said.
Loh also said that despite the university recently doubling the number of IT security engineers and analysts, as well as their investment in "top-end" security tools, more needs to be done to guarantee protection and prevent another attack.
The University says that state and federal law enforcement, including the FBI, U.S. Secret Service and Maryland State Police are investigating the breach, along with computer forensic investigators. They are also offering one year of free credit monitoring to those affected.
The University of Maryland cyberattack comes a few months after an enormous data breach at Target stores across the country affected 70 million people, more than the 40 million customers the company originally thought. Universities continue to be a target for hackers. Last year, Ferris State University in Michigan announced that the names and social security numbers of 39,000 current and former staff and students had been compromised.
"A lot of times these are because someone has, metaphorically speaking, left the door open," said UMD vice president and chief information officer Brian Voss told The Baltimore Sun. "This is not that. This is a very sophisticated and dedicated person who worked their way around a good deal of security in order to get a very specific set of data. We're still trying to understand what happened and how they actually did this, but they appear to know what file they wanted to go after."
"In today's day and age it really could be anybody," Voss said. "When we say something is sophisticated and well done, that doesn't mean it's not a kid sitting in his shorts in his parents' basement in Denmark. We don't know."