Cyber Criminals Manipulate Plugin; Gain Access to Sensitive Data

On Tuesday February 18, 2014, the University of Maryland’s Information Technology Division was attacked and became victim of a database breach. In that breach, there were 287,580 records of personnel, students and anyone else affiliated with either of the University’s campuses. These records included names, SSN’s, dates of birth, and UID’s. There are no reports of other types of information having been compromised.

The breach was accomplished with the usage of a Trojan horse. The hacker uploaded a virus file containing malware that targeted passwords and credentials from IT managers. The virus was uploaded on the university website and the path that was taken involved exploiting a plugin used to upload photos to the website. After the hacker gained access to the IT credentials, they could now access personal records up to the last 20 years. The universe ended up having to pay more than $6 million in credit monitoring services for victims.