A 25-year-old man has been charged with hacking into the University of Southern California's computer system and accessing information about student applicants.
A criminal complaint unsealed Wednesday charges Eric McCarty of San Diego with transmitting a code or command to intentionally damage the school's Internet student application system, federal authorities said.
He could face up to 10 years in prison.
McCarty, a computer network administrator, allegedly earns money by carrying out "penetration testing" to simulate malicious attacks on computer networks.
Last June, prosecutors say he hacked into a USC database containing records on more than 275,000 applicants since 1997, saving names, passwords and social security numbers for seven applicants on his home computer.
He then allegedly reported the computer attack to a Web site, securityfocus.com, using the e-mail account "ihackeduscgmail.com." The site later told USC officials of the security flaw.
It was unclear whether McCarty had retained an attorney. A woman who identified herself as McCarty's mother was surprised to learn of the case, saying her son had cooperated with authorities last year and had even gotten some of his equipment back after federal investigators inspected it.
"My son certainly showed a lot of good will," Anneliese McCarty said in a phone interview. "He didn't steal anything, he just tried to point out a problem in the system."
But authorities said that McCarty's attack was not done in cooperation with USC, and that he reported it to a Web site instead of school officials.
"Our belief is that he knew that this was an inappropriate way to test someone's security and clearly this was computer intrusion," said Ken McGuire, an FBI supervisory special agent.
McCarty, who was not taken into custody, was scheduled to appear April 28 in federal court in Los Angeles.