Computer Security Incident on UCSD Campus

UCSD
CAMPUS NOTICE
University of California, San Diego

OFFICE OF THE CONTROLLER

May 6, 2004

ALL ACADEMICS AND STAFF AT UCSD (including UCSD Healthcare)
ALL STUDENTS AT UCSD

SUBJECT: Computer Security Incident on UCSD Campus

Business and Financial Services (BFS) is in the process of notifying approximately 380,000 individuals that computer intruders may have illegally accessed computers storing their private information. A web server and three workstations containing names, Social Security numbers and/or driver's license numbers were breached. Included in the total approximate number of individuals impacted by this illegal intrusion are 2,400 current and former faculty, 1,400 current and former staff, and 178,000 current and former students. An additional 198,000 individuals who applied to UCSD but were never enrolled are also among those being notified.

While there was evidence on one computer that an unauthorized intruder was using disk space for DVD storage, there were no indications on any of the machines that the private information had been accessed or stolen. Regardless, we have taken the precautionary step of mailing notification letters to all affected individuals. This notification process began on Wednesday, May 5. Given the large number of individuals involved and our desire to obtain accurate mailing addresses, we expect the process to take two to three weeks. To assist us in spreading the word, the University Communications Office is sending a press release to news media across the state informing them of the incident.

If you do not receive a notification and are concerned that you could have been affected, please take one of the following actions:

* Consult the incident web site, http://idalert.ucsd.edu

* Send any questions you may have about your private information to
idalert@ucsd.edu, or

* Contact the Telephone Call Center with specific questions about your
private information: On campus 2-2830, local at(858)822-2830, or
toll-free (866)890-5560

We sincerely regret that this illegal intrusion has occurred, and we have taken immediate steps to significantly strengthen our security against potential future attacks. We have also referred this incident to local law enforcement agencies for investigation.

Don Larson
Controller