In what appears to be one of the largest computer security breaches ever at an American university, one or more hackers have gained access to a UCLA database containing personal information on about 800,000 of the university's current and former students, faculty and staff members, among others.

Ok... is it me? or is this 2006 going on "When are people going to GET IT?"

There needs to be some repercussions for these types of losses. I'm sure UCLA will simply raise their tuition fees to cover any losses, but how about losing their accreditation for 2 years? If they are fraudulent in Sports, they can't play, but if they are weak in INFOSec, there's no penalty? This can't be right... what message is this spreading?

I'm not trying to pick on Universities, but we need to have stronger drivers than the press, for organizations to "Do the right thing" with Information Security.

If we were to put this into the physical realm, someone would be fired, and or go to jail, as this would mean that there were no guards around the data, and it wasn't locked up, nor audited... for OVER A YEAR!!!, That's just irresponsible... and in legal terms, GROSSLY NEGLIGENT.

I hope that some of the people who's information was not protected by UCLA sue the school for millions in mental distress and damages... we need to raise the level of awareness...

If UCLA isn't doing their INFOSec job right, what is the local community college doing with it? How about the mom & pop bank? Or anywhere else that your personal information may be stored?

Gawd it's too early to be awake...