University of Southern California

San Diego Man Charged with Accessing University Applicants' Information

By Adam Dodge - Posted on April 21st, 2006

Quick Facts

Date: 4/21/2006
Institution: University of Southern California
Type of Incident: Penetration
Number Affected: 275,000
Source: InfoSec News
Abstract Source: North County Times

Abstract

Eric McCarty, 25-year-old from San Diego, is charged with breaking into the online application system of the University of Southern California. This system contains the Social Security numbers and dates of birth of over 275,000 prospective students that applied to USC between 1997-present. McCarty, who works as a penetration tester and network administrator, allegedly exploited a vulnerability in the application system's database to gain access.

Programming Flaw Exposes Applicant Information

By Adam Dodge - Posted on July 6th, 2005

Quick Facts

Date: 7/6/2005
Institution: University of Southern California
Type of Incident: Unauthorized disclosure
Number Affected:
Source: INFOSEC Year In Review
Abstract Source: The Register via RISKS

Abstract

A programming error in the University of Southern California's online system for accepting applications from prospective students left the personal information of ``hundreds of thousands of records'' publicly accessible. The flaw was discovered by a student in the process of applying.

[Abstract by Peter G. Neumann taken from RISKS 23.93]

Tagged: University of Southern California • 2005 • INFOSEC Year In Review • Personally Identifying Information • Unauthorized Disclosure

Monthly Archives

Syndicate

Not a fan of RSS, but still want to know when new incidents appear on ESI? Subscribe to e-mail alerts, powered by FeedBurner

Let Us Know

Know of an incident not listed here? Find a mistake in one of the incidents? Have a comment or recommendation for the editors? Let us know by using the Contact Us form.

Educational Security Incidents (ESI)

Sometimes the free flow of information is unintentional