Hacker caught in the act at UCSF

Astute technicians who witnessed a hacker breaking into the secure server holding private information on staff and students averted a significant security breach at the University of California in San Francisco last March. According to the San Francisco Chronicle the breach, which was widely reported in the news on April 5 following a pro-active mass notification of potential victims by the university, could have affected up to 46,000 people.

The incident occurred on March 27, when university technicians were remotely accessing a server located at the University of California Office of the President in Oakland. Randy Lopez, co-chief information officer on the UCSF campus, noticed the server was running slower than usual. “We got suspicious and took a closer look. There was a program running that we didn’t know anything about,” he was quoted in the Chronicle.

The data held on the server related to the university’s payroll and student financial aid. A total of 43,000 campus payroll and 3,000 student aid records were stored there, giving the hacker a potential wealth of vital information that could be used for ID theft. According to Mr Lopez, the data on this particular system was not encrypted, as firewalls and other existing protection was deemed enough. Although it is not known whether the elusive hacker actually managed to access and steal any private information, the university is now revisiting this particular policy and has advised anyone affected to place their credit files on fraud alert if in any doubt.