The breach was the result of a "deliberate attack" on Sunday morning, the school warned. The vulnerable system was shut down and analysis revealed that a "security weakness in an administrative data reporting system was exploited by writing a program to input millions of Social Security numbers."
UT Austin's VP of Information Technology Daniel Updegrove said Social Security Numbers that matched selected individuals in one of its personnel database were captured, together with e-mail address, title, department name, department address, department phone number, and names and dates of employee training programs attended.
Personal information from current and former students, current and former faculty and staff, and job applicants was stolen.
The U.S. Attorney's Office, the U.S. Secret Service and other law enforcement agencies were called in to investigate the hack but, to date, UT Austin said there was "no evidence that the stolen data have been distributed beyond the computer(s) of the perpetrator(s)."
"UT's highest priority has been to identify the source of the attack and to cooperate with law enforcement authorities to capture the perpetrator(s), and any associated computers and data. Our second priority will be to assess the extent of further data exposure -- if any -- and to establish a proactive communication program with affected individuals and the UT community," the university said.