Thursday, December 14, 2006

Data Breach at UCLA

The UCLA reports that there was a signicant data breach after hackers gained access to the its database containing records of up to 800,000 people. This blogger is not a data security expert but I still find some of the things that were overlooked puzzling. The information not only included the files of current and former students, staff and faculty, but the names and their social security numbers. While the UCLA spokesperson states that there is no evidence yet that the data has been misused, it is highly unlikely that such a sophisticated attack would be merely for fun. Some of that information will indeed be misused and there may be danger ahead. While sympathetic to the plight of the UCLA and the students, I wonder why institutions such keep such detailed information in the first instance. Shouldn't the lesson of the recent breaches be that minimalism is the way? Do not keep more data than is absolutely necessary. On the other hand, an institution that maintains records concerning 800,000 people ought to naturally find an encryption programme.

News Source: http://www.nytimes.com/2006/12/13/us/13hacker.html