Personal data from the records of more than 300,000 University of Maryland (UMD) students, faculty, staff, and various personnel were exposed in a massive data breach Feb. 19.
The data breach, announced Feb. 20, could include personal information of anyone who has been issued a university ID since 1998.
UMD President Wallace Loh said in a statement that the breach was a result of a “sophisticated computer security attack” on a “specific database of records maintained by our IT Division.”
Those who leveled the cyberattack on the university’s database had a “very significant understanding” of how the school stored and protected its records, according to a report in The Washington Post.
The exposed personal information, Loh said, includes name, Social Security number, and date of birth. Financial, academic, and health information was not compromised in the hack.
Universities: key cogs in the cybersecurity fight
Deena Coffman, CEO of consulting for the data security company Identity Theft 911, said higher education has struggled with data breaches due in large part to the campus culture.
“Universities have a culture of sharing and collaboration which lends them to not protect information,” she said. “They also don’t invest in technology, and they have collected years, decades actually, of personal information on students, parents and research subjects that they tend not to delete.”
“[Universities] will keep an old server around until anyone who remembered that it held sensitive information has graduated or left then decide to use it to post information,” Coffman continued.
Melissa De Candia, a sophomore journalism student at UMD, said she wasn’t pleased with that way the university had dealt with the security breach, as the university’s student paper reported the records were compromised well before the school made an official announcement.
“I am definitely concerned about the recent data breach. I’m usually very careful about who I give my information to and knowing someone might be using it is pretty worrisome,” said De Candia, 19. “… The eMail I received from the university basically just apologized, which wasn’t all that reassuring for me.”