University of Wisconsin Warns of Major Data Breach
More than 60,000 former students and staff are just finding out that hackers had access to their personal data for more than two years.
Tens of thousands of former University of Wisconsin students and staff members this week continued to receive advisory letters from the University, warning them that hackers managed to break into a database containing their social security numbers and other sensitive information.
Worse, according to the letter (available in PDF format), it appears the hackers had unbridled access to the database for more than two years, putting at least 60,000 former students and employees at risk. School officials first began notifying affected individuals on Nov. 30, almost a month after the breach was first detected.
According to University of Wisconsin officials, the data breach was discovered in late October, when the Wisconsin Union, which administers the campus ID card program, noticed that a database was repeatedly accessed going back as far as January 2008.
A compromised file in the database included social security numbers associated with individual photo IDs and names.
Thus far, school officials said, it doesn't appear that any of the student and staff names or social security numbers have been used for any nefarious purposes.
"The University apologizes to you for this situation," the advisory letter said. "We take computer and data security very seriously, making consistent and strong efforts to protect thousands of computers located on the campus."
In the wake of the breach, the school's IT department said it has reviewed all security procedures and policies and deployed network intrusion detection applications and implemented a vulnerability identification program to better safeguard student and staff data.
State schools and universities are among the most likely government agencies to suffer data breaches. According to security software vendor Application Security, more than 2.3 million files have been breached at U.S. colleges since 2008.
High-profile breaches at universities from Florida to Hawaii have exposed student and employee data of all types on a weekly basis and forced school officials across the nation to evaluate and revamp their IT security policies to ward off future breaches.
Keep up with security news Follow eSecurityPlanet on Twitter: @eSecurityP.
October 19, 2010
Security software vendor McAfee found that social security numbers stolen from colleges and universities are most likely to be used for identity theft.