COLLEGE PARK, Md. (WJZ) -- The University of Maryland president testifies on Capitol Hill about the widespread data breach that exposed hundreds of thousands of people's personal information.
Dr. Wallace Loh reveals how the hackers got in and how the university scrambled to deal with it.
Christie Ileto has more.
A massive data breach at University of Maryland, College Park has President Wallace Loh explaining what what went to U.S. Senate members.
"We were just flying by the seat of our pants," Loh said.
Loh says an intricate cyber attack caught the university off guard when a hacker uploaded a Trojan horse onto a university website.
The dangerous malware detects passwords for IT managers, allowing access to more than 300,000 social security numbers.
"I was surprised that it even happened in the first place. I thought Maryland was more secure than that," Damilola Otukoya said.
The university admits those sensitive records should have been purged. Instead, the oversight is costing them millions.
"The reason they're stealing social security numbers is because they're valuable," Loh said. "If they were not valuable, nobody would be stealing them. So pass a law forbidding financial institutions from requiring social security numbers."
This comes as Target and high-end retailer Neiman Marcus face breaches with the same malware attacking their online credit card processing.
"I do check my credits after these events came out," said Erica Chen, UMD student.
The university has set aside more than $6 million to pay for credit monitoring for victims.
"I'm sure there will always be something that cyber hackers will look for or get, some kind of vital information. If it's not here, then it will be somewhere else," Otukoya said.
But some students remain skeptical their personal information is any safer than before.
Since the breach, the university has created an 18 member task force on cyber security.
Loh says, so far, 30,000 people have registered for the free credit protection services.
Other Local News:
for more features.