At least 63,000 current and former students at the University of Central Florida are getting bad news this week: Someone breached the schoolā€™s network to access their social security numbers and other sensitive personal data.

Student-athletes, students who were also working for the university, and faculty are the main groups on campus affected. While UCF said that credit card information, medical records, and grades were not exposed, it recommends that the student body check its credit reports and bank statements ā€œout of an abundance of caution.ā€


UCF set up a web page to answer questions about the data breach, and explain its response:

Upon learning of the incident, UCF immediately launched an internal investigation and reported the incident to law enforcement. We also engaged one of the nationā€™s leading incident response and digital forensics firms to assist in our internal investigation.

We are mailing notices to individuals who may have been affected by the incident so they can take steps to safeguard their personal information going forward.


Since the school found out in January and informed people the next month, the lag time is relatively small compared to the inept responses to other hacksā€”the Office of Personnel Management, for instance, was still trying to notify federal employees that theyā€™d been hacked over six months after its breach was disclosed.

That doesnā€™t mean UCF gets a gold star for doing what it should. If anything, we should continue to question why the school wouldnā€™t immediately tell people to change their passwords, or why its security sucked so much in the first place.


Image: Wikipedia