A federal grand jury has indicted a former University of Texas student on charges he hacked into the university system and stole Social Security numbers and other personal information from more than 37,000 students, faculty and staff.
Christopher Andrew Phillips, 21, is charged in the four-count indictment with fraud and with storing credit card and bank account information with the intent to defraud. Phillips is not accused of using any of the information for illegal purposes.
The university spent $167,000 responding to the security breach and warning people of possible identity theft.
Phillips' attorney, Allan Williams, told the Austin American-Statesman his client is "a nice young man" who had no criminal intent.
Phillips has previously told officials he had no intention of using the information to harm anyone.
Phillips told investigators that he designed a program that attempted to access the university database by automatically entering Social Security numbers one after another. The numbers were entered as rapidly as 72,000 per hour from an off campus computer over five days in early 2003.
The indictment revealed that UT computer officials had previous run-ins with Phillips. Three times in 2002, Phillips "attempted to breach the security of hundreds of outside computer systems and was detected by" university officials, the indictment said.
Phillips is now studying computer science at the University of Houston, the newspaper reported.
Williams, the attorney, said Phillips never intentionally hacked.
"It's a technical kind of thing," Williams said. "He didn't use any hacking tools. The system was open; there weren't any signs saying 'don't go in.'"