Please ensure Javascript is enabled for purposes of website accessibility
The university has said the disclosure wasn't related to an earlier security breach involving personal information for more than 300,000 faculty, staff, students and others. (The Daily Record/Maximilian Franz)

FBI investigates man in UM data disclosure

The FBI is investigating a Baltimore-area computer worker in connection with the online disclosure last month of University of Maryland President Wallace Loh’s Social Security and cellphone numbers, according to court records.

An affidavit filed Monday in U.S. District Court in Baltimore names David Helkowski of Parkville as the target of the investigation.

Helkowski didn’t immediately respond to email and telephone queries Thursday.

The FBI also did not immediately respond to a query from The Associated Press.

University spokeswoman Crystal Brown declined to comment, citing a university policy regarding pending investigations.

The affidavit signed by Special Agent Jeremy Bucalo includes the text of online communications in which Helkowski allegedly wrote that he posted the information on the website to demonstrate to university officials that their system was vulnerable.

Another court document shows that the FBI removed computers and data storage devices from Helkowski’s home March 16.

Bucalo wrote in his affidavit that Helkowski was working for a university information technology contractor, Baltimore-based Canton Group, when he identified a security flaw in the school’s network. Canton Group informed the university of the problem on Feb. 27, the agent wrote.

On March 15, the school’s security task force received an email signed “the PPM,” an alias the FBI subsequently linked to Helkowski, informing them of the disclosure, according to the affidavit. The writer offered to “consider pulling it off the public internet (sic),” if university officials would “cooperate as in just let me impart some useful information on things that need to be fixed immediately — at no cost or demands of any sort.”

The university has said the disclosure wasn’t related to a Feb. 18 data breach involving records of about 288,000 faculty, staff, students and others.