On August 12, 2013, the College of Extended Learning at San Francisco State University, began notifying an undisclosed number of students of a server breach that occurred on March 25, 2013 at 3am. The college had been alerted to the breach by federal law enforcement on June 11, 2013.

"The incident involved the unauthorized use of the server by a group not associated with SF State," college dean Jose L. Galvan wrote in the notification letter [PDF]. "Although we have no evidence of compromise of the databases also located on this server, federal law enforcement indicated more than 500 other sites were compromised by this same group and some of those sites did find evidence of compromised data."

The data accessible on the server included an undisclosed number of names, Social Security numbers and related information.


All those potentially affected are being offered two years of free identity protection from AllClear ID.