Hacker targets UCF, accesses 63,000 social security numbers

Student-athletes, in particular, were targeted, the University says.

Feb 29, 2020, 12:07 pm*

Tech

Kevin Collier 

Kevin Collier

There are still some Americans whose social security numbers have yet to be uncovered by hackers. But not many of them are recent student-athletes at the University of Central Florida. Or other students or faculty there, for that matter.

An unknown attacker previously breached UCF’s network, university President John C. Hitt announced Thursday, and was able to access around 63,000 student and faculty social security numbers. The school didn’t release when the actual attacks happened, though it did say it discovered the breach in January. Most other personal information—students’ grades, credit card numbers, or medical information—was not accessed, Hitt said.

By coincidence, UCF’s current student enrollment is about 63,000. But that’s not the exact same database that was breached, UCF Assistant Vice President Chad Binette told the Daily Dot over the phone. Instead, it’s split up among two distinct databases.

One breached database contained the information of about 600 UCF student-athletes and student managers from this and the previous school year. As of the current school year, UCF students with athletic scholarships receive a “cost of attendance” stipend, as recently allowed by the NCAA, Andy Seeley, the school’s assistant athletic director for communications, told the Daily Dot.

A second, far vaster database that the hacker breached contained the information of some 62,000 students and employees that the university designates under Other Personal Services. They include graduate assistants, resident advisors, and those on work-study programs.

The FBI is investigating the breach, Binette said, and the university is conducting its own internal investigation.

UCF does have a dedicated hotline for victims. “We’re trying to get the word out, trying to do everything we can,” Binette said. When the Daily Dot called that number, however, it was put on hold, intermittently told the remaining wait time was one minute, and disconnected after a 23-minute wait.

Update 6:45pm CT, Feb. 4: Story has been updated to reflect Binette’s comments.

H/T Databreaches.net | Illustration by Jason Reed

Share this article
*First Published: Feb 4, 2016, 8:27 pm