UCLA Applicant Database Hacked

Julio D. Montejo ’10 anxiously eyed his computer screen, preparing for the worst.

Having applied to UCLA last year, Montejo worried that he might receive an e-mail notifying him that he was one of the 800,000 students whose personal information might have been accessed by a hacker who penetrated UCLA’s applicant database over the past year.

After a tense interlude, Montejo relaxed.

“Apparently, I’m safe,” he said.

He was one of the lucky ones.

Bearing the subject line, “UCLA Warns of Unauthorized Access to Restricted Database,” the e-mail from the school’s acting chancellor, Norman Abrams, warned that a “sophisticated computer hacker” had illegally gained access to the school’s database.

The database contained information about some student applicants and parents of applicants who applied for financial aid. Social Security numbers, dates of birth, home addresses and contact information were stored on the database, according to the e-mail.

The hacker “sought and retrieved” some Social Security numbers, the e-mail said.

“I question why [UCLA] still had my information,” said a UCLA applicant, Moises H. Gallegos ’10, who ultimately decided not to matriculate at the California university.

In response to the news, another applicant, Gideon W. Wald ’10, put out a fraud alert on his credit history and said he plans to take more steps during the winter break.

“There’s not much you can do but to take steps to prevent [fraud],” Wald said.

According to the e-mail, the hacker exploited a software flaw and fraudulently accessed the database between October 2005 and last month.

When UCLA discovered this activity on Nov. 21, the school responded by blocking all access to Social Security numbers, beginning an emergency investigation, and notifying the FBI, which is now investigating the incident as well.

Cynthia S. Tseng ’10 called a UCLA identity-alert hotline last night to confirm the validity of the e-mail.

“They didn’t seem to know what was going on,” she said. “They didn’t know what type of information had been taken.”

A UCLA spokesman did not respond to a request for comment.

The e-mail concluded that UCLA would not try to obtain personal information from any students, and said that under no circumstances should students divulge information to anyone claiming to be from UCLA.

Katherine S. Sengoba ’10, a resident of Irvine, Calif., who had considered applying to UCLA, said she was slightly delighted by the news. “I knew not applying to UCLA was a good idea,” she said with a laugh.