Users of the University of Southern California’s online application system over the past 8 years will be notified of the problem.
The situation at USC, where a hacker improperly accessed files on the system, has some similarity to a problem at Stanford that was reported to the FBI on May 11.
In the USC case, an outsider exploited a security flaw in the application system and viewed about ten files. That person then reported the flaw to the SecurityFocus web site, which in turn contacted USC.
The University then notified the FBI. But at this time, it is thought criminal charges will not be pursued because the hacker wasn’t maliciously seeking private information. Despite that contention, USC will alert all the people who used the system over the past eight years.
“Although we believe that the scope of this is pretty small, we’re taking it very seriously and we are taking great care to notify every single person where there is even the potential that their records might have been viewed,” said L. Katharine Harrington, USC’s dean of admission and financial aid, in an AP report.
Colleges have been plagued with hackers over the years. In recent months, schools like Harvard, MIT, and USC have rejected business school applicants who tried to determine their admission status ahead of scheduled times via flaws in admission web sites.
More malicious attackers stole personal information from their schools at the University of Texas and California State-Chico.
For USC, even though the reported scope of the breach is quite small, it isn’t clear whether the person who reported the security flaw was the only one who discovered it. That uncertainty has probably led to USC’s advisory on the issue to its application system users.
David Utter is a staff writer for Murdok covering technology and business. Email him here.
