Hackers steal 300,000 records from University of Maryland

Hackers are going back to school. Literally.

The University of Maryland on Wednesday announced it had fallen victim to a sophisticated cyber-attack that exposed records containing personal information of more than 300,000 students, faculty and staff.

“Universities are a focus in today’s global assaults on IT systems,” University of Maryland President Wallace Loh said in a letter to the university community. “We recently doubled the number of our IT security engineers and analysts. We also doubled our investment in top-end security tools. Obviously, we need to do more and better, and we will.”

The breach exposed 309,079 records of faculty, staff, students and affiliated personnel from the College Park and Shady Grove campuses who have been issued university identification since 1998.

The records included name, Social Security number, date of birth and university identification number. No other information was compromised — no financial, academic, health or contact information, the school said.

“With the assistance of experts, we are handling this matter with an abundance of caution and diligence,” Loh said. “Appropriate state and federal law enforcement authorities are currently investigating this criminal incident. Computer forensic investigators are examining the breached files and logs to determine how our sophisticated, multilayered security defenses were bypassed. Further, we are initiating steps to ensure there is no repeat of this breach.”

The university is offering one year of free credit monitoring to all affected persons with future measures expected to follow once more information about the breach becomes available.

Data breaches at large universities are nothing new.

Ohio State University said in 2010 hackers had penetrated a college server that contained the names, birth dates and Social Security numbers of 750,000 people, exposing them to risk of identity theft.

Last year, the University of Virginia said Social Security numbers of more than 18,000 students were mistakenly printed in the address field of health insurance brochures mailed to their homes.

There have also been public breaches at the University of North Florida, the University of Hawaii and the University of Tampa, among others.