Western Connecticut State University recently began notifying students and their families that their personal information, including their Social Security numbers, may have been exposed due to an unidentified "computer system vulnerability." The university says it has no evidence at this point that the records were ever accessed inappropriately.
The vulnerability, which existed from April 2009 to September 2012, affects 233,880 people whose records had been collected beginning in 1999, including students, their families, and others, including high school students whose SAT scores had been purchased in lists.
"We are disappointed that the potential existed to have these records exposed but we will do everything we can to protect our students, their families and others with whom we have worked," WCSU president James W. Schmotter said in a statement. "The steps we are taking and the solutions we are offering to every one of those affected are designed to address any problems this situation may have caused."
"The university said it will pay for two years of identity-theft protection for those who want it, at a cost likely to reach upward of $1 million," writes The Connecticut Post's Eileen FitzGerald. "The vulnerability was discovered during routine maintenance in February, but it was not reported to Schmotter until Sept. 26 when, he said, he activated the Board of Regents' security incident response plan and fixed the problem. 'Mistakes and errors in judgment were made, and we are making people accountable,' Schmotter said."