The University of Southern California joined a growing number of schools to report a computer security breach where sensitive personal data may have been compromised, officials said on Tuesday.
The school’s online application database was broken into last month, leaving 270,000 records exposed. The information compromised included names and Social Security numbers. It was the third California university in the past several months to lose important data.
School officials, who were not able to identify exactly which records may have been exposed, said it learned of the compromise on June 20 after a journalist came forward with information regarding the breach.
The site will be back up once new security measures are taken, according to Katherine Harrington, dean of the school’s admissions and financial aid.
However, it is believed only a small number of records were actually exposed, according to Harrington.
“We are quite confident that there was no massive downloading of data,” Harrington said.
A California law that took effect two years ago requires institutions to inform those affected when their personal information has been stolen or accidentally released.
In March crackers broke into California State University, Chico’s, housing and food service computer system, which contained information about 59,000 current, former and prospective students, as well as faculty and staff.
And a computer system that stored fund-raising information of possibly up to 120,000 alumni of Boston College was also hacked in March. The vital information also included names, addresses and Social Security numbers.
Harvard University also said a hacker gained access to its admissions systems and helped applicants log on to learn whether they had gained admission before the results were released.
According to an Entrust survey of 1,003 likely U.S. voters, 97 percent of the respondents rate identity theft as a serious problem, with 48 percent saying they now avoid online purchases out of fear of their financial data being stolen.
A California law requires a business, school or government agency to notify individuals in writing or by e-mail if unencrypted personal information may have been compromised.
The California law has spurred interest in nationwide legislation for notification.