Alabama's Auburn University College of Business recently began notifying 13,698 current and former students, students, faculty and staff that their personal information, including names and Social Security numbers, may have been exposed when a university server was breached (h/t SC Magazine).
The breach, which took place between October 21, 2013 and November 20, 2013, was disccovered on November 20, according to the university.
"Upon learning of this incident, Auburn University immediately patched the vulnerability and launched an internal investigation to determine the scope of this compromise," university dean Bill Hardgrave wrote in the notification letter [PDF]. "When it became clear that this incident could result in the unauthorized access to personal information, Auburn University retained specialized data security counsel to assist with its invetigation of, and response to, this event."
While there's no indication at this point that any of the data was used inappropriately, all those affected are being offered a free one-year membership in Experian's ProtectMyID Alert service.https://o1.qnsr.com/log/p.gif?;n=203;c=204660766;s=9477;x=7936;f=201812281312070;u=j;z=TIMESTAMP;a=20392931;e=i
In a separate incident last summer, an undisclosed number of Auburn University alumni and donors' names, Social Security numbers, mailing addresses, e-mail addresses and phone numbers were mistakenly made available online.