More than 1,100 new students starting at the University of California Davis School of Veterinary Medicine got a shock last month when they found their personal accounts on the University computer system had already been accessed.
Investigators at the Sacramento-based University soon realised that the account details of around 1,120 applicant students from the 2007-2008 class had been illegally accessed. The hacked data included names, birth dates and Social Security numbers of the victims.
Unconfirmed reports suggest that data from 375 students from the 2004/2005 intake year may also have been hacked. Police are investigating the unauthorised system access and whether the personal data has been used for identity theft.
Commenting on this latest high-profile US hacking incident, Geoff Sweeney, CTO of behavioural analysis IT security firm Tier-3, said that the case highlights the need for multiple levels of protection whenever personal data is involved.
"Early indications are that the University had all the usual anti- virus, anti-trojan and other IT security applications in place, but these clearly weren't enough to stop the hacker(s)," Geoff Sweeney continued. "Had they installed behavioural analysis software on their computer systems, this would have spotted any unusual activity, such as students accessing their accounts before they had started at the University and been given their ID/password details, and locked down the suspect sessions."
According to Sweeney, the different types of threats facing modern IT managers are now so varied that a safety net approach – using behavioural analysis software - is now required to secure an IT system from the various attack vectors used by today's hacker-criminals.