COLLEGE PARK, Md. (AP) - State auditors say sensitive data in computers at the University of Maryland-College Park remains vulnerable to hackers five years after administrators were told about security flaws.

The university said Thursday that the shortcomings identified in a 2009 audit weren't related to a data breach in February involving the records of about 288,000 students, faculty and staff members.

The Office of Legislative Audits released its findings Wednesday. It says the university needs to configure its firewalls to adequately secure its network. The agency also says the university should regularly review and investigate any unusual or questionable items on its network security events log.

Both recommendations are repeats from the 2009 audit.

The university says it's testing a new firewall management system and improving its log review procedures.