University of Maryland (UMD)

UMd. Network Vulnerable to Hackers: State Audit

The University of Maryland at College Park has taken significant steps to reduce the likelihood of data breaches like the one that exposed the Social Security numbers and other identity records of about 288,000 current and former students, faculty and staff members in February, a university official said Thursday.

Still, the university's computers remain vulnerable to hackers five years after administrators were told about security flaws, according to a state audit.

Eric Denna, the school's chief information officer, said in an email that the shortcomings identified in a 2009 audit weren't related to the Feb. 18 data breach.

"The University of Maryland has invested significant resources and effort into risk management and minimizing the likelihood of any future data breaches," Denna wrote. "Our approach includes identifying and isolating sensitive data; encrypting data; monitoring and restricting access to confidential data; educating the UMD community on IT best practices and avoiding behaviors that increase risk of another data breach."

The Office of Legislative Audits said in a report released Wednesday that the university needs to configure its firewalls -- software programs designed to block intruders -- to adequately secure its network. The agency also said the university should regularly review and investigate any unusual or questionable items on its network security events log.

Both recommendations are repeats from the 2009 audit.

Denna said the flaws identified in the 2009 audit were immediately addressed. But the new audit found that as of Feb. 26, the school's Division of Information Technology maintained firewalls for only 15 of the more than 500 campus departments that use the school's Internet-connected wide-area network.

The new audit found that as of June 2 of this year, the school had spent $2.8 million to notify victims about the breach and provide credit monitoring to about 101,000 who requested it.

Brian Voss, the school's chief information officer at the time of the breach, retired in March.

Copyright AP - Associated Press