According to the on-line publication Computerworld, a UCLA computer database containing names, addresses, social security numbers and other personally identifying information about staff, faculty, parents and students was a regular target for a hacker/identity thief over the past year. Amazingly, this breach went undetected for at least one full year. Citing a UCLA information release, Computerworld indicated:
The breach was discovered on Nov. 21 this year, when the university’s computer security technicians noticed an “exceptionally high volume of suspicious database queries,”
In the meantime, over 800,000 people have had their identities compromised and may become the next victims of identity theft.
According to the UCLA Office of Media Relations:
[A]ccess to the restricted database was gained by a computer trespasser utilizing a software program designed to exploit an undetected software flaw, thereby bypassing all security measures. A problem was detected Nov. 21 when computer security technicians noticed an exceptionally high volume of suspicious database queries. An emergency investigation indicated that access attempts had been made since October 2005 and that the hacker specifically sought Social Security numbers, Davis said.
For the past decade, UCLA has been systematically upgrading computer security but had not yet identified the vulnerability maliciously exploited by the computer hacker. During this time, UCLA installed and strengthened firewalls and intrusion-detection systems, removed Social Security numbers from computer screens and written reports, and prohibited their storage on portable devices, among other steps.
I have trouble understanding why, in light of all the updates, system modifications, and intrusion-detection systems in place, as UCLA has suggested, the intrusions were not detected for over one year. It seems to me that if it takes one year for an intrusion-detection system to detect an intrusion, something must be wrong. What are your thoughts?