A 20-year old student at the University of Texas of Austin has turned
himself into authorities and is now facing federal charges for the massive
break-in that exposed personal data of approximately 55,200 individuals.
Christopher Andrew Phillips, a computer science major, was charged with
“unauthorized access to a protected computer and using a means of
identification of another person with intent to commit a federal
The Justice Department said Phillips turned himself in to the U.S. Secret
Service office in Austin after officials searched his home and recovered
downloaded names and social security numbers. A computer found in Phillips’
home also recovered the program used to access the UT database, the Justice
According to published reports in Texas, Phillips admitted on March 5
that he had written and executed a program that could access a university
Web site and its database. An affidavit signed by a Secret Service agent
said the computer program entered sequential Social Security numbers at a
rate of 36,000 to 72,000 per hour and then gathered personal information
related to successful hits.
Phillips, who has no prior criminal history, appeared before a Texas
Magistrate and was released on his personal recognizance. He is banned from
using computers as a condition for his release.
If convicted, he could face a maximum term of eight years in a federal
prison and up to $500,000 in fines.
On a special section of
its Web site, which is dedicated to the data theft incident, the school made
it clear there is no indication the stolen data was shared or used.
“At this point, there is no indication that the stolen data was further
disseminated or used to anyone’s detriment. Nevertheless, persons who may
have been directly affected by this incident should remain alert for
possible misuse of their names and social security numbers, and promptly
report any suspected illegal activity to the United States Secret Service,”
according to a note on the Web site.
The security breach, which was described as a “deliberate attack,”
targeted UT Austin’s personnel database and captured names, matching social
security numbers, e-mail addresses, titles, department names, department
addresses, department phone numbers, and names and dates of employee
training programs attended.
Personal information from current and former students, current and former
faculty and staff, and job applicants was stolen.