Application security, Breach, Data Security, Incident Response, TDR

Texas A&M grad charged with February password hacking

Authorities have charged a former Texas A&M student with hacking into university files to gain access to tens of thousands of passwords.

Luis Castillo, a recent graduate of the College Station, Texas-based university, was charged last week with felony reckless damage to a protected computer, according to published reports.

He faces up to five years in prison and a $250,000 fine for illegally accessing, in February, about 88,000 usernames and passwords of current and former students, faculty and staff. The credentials were used to login to email, course management and grade books.

No financial or personal data, such as Social Security numbers, were exposed in the attack, and college officials do not believe any accounts were accessed.

But after discovering the incident, officials asked nearly 100,000 network users to change their passwords. Those who did not change in time were forbidden access to university accounts.

Prosecutors said Castillo's attack caused $5,000 in damage for the university – much of which was spent to hire additional staff to help users manually alter their passwords after being locked out of the system.

A university spokesman today declined to comment on the case, and efforts were unsuccessful to reach IT staff to discuss the breach or what controls have since been implemented.

Texas A&M's Corpus Christi campus suffered a breach in June when a vacationing professor reported that he had lost a flash drive containing the personal information of about 8,000 students enrolled in his spring, summer and fall semester classes last year.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.