San Diego (CA) – Federal prosecutors have charged a San Diego man with hacking into the University of Southern California’s student applications system. Eric McCarty, a network security penetration tester, used a database vulnerability to gain access to a Web site that contained the personal information of more than 275,000 who applied to the college since 1997.
Authorities say McCarty copied several records, but did not specify an exact number. McCarty accessed the Web site last June, after which, it was shut down to let engineers to fix the vulnerability. The site remained offline for two weeks thereafter.
Federal regulations like Sarbanes-Oxley and HIPAA have placed greater responsibility on corporations to make sure their systems are secure. Penetration testers, or “pen-testers,” are being hired by more and more companies, to legally hack into their own systems.
McCarty faces ten years’ imprisonment if convicted.