The Cleveland Institute of Music (CIM) recently began notifying an undisclosed number of people that an unauthorized individual recently gained access to a CIM Web server containing system files, database files, and Web page files.
Some of those files, according to CIM, included names, contact information, credit card information and Social Security numbers.
While there's no indication at this point whether any of the personal data was accessed, CIM is notifying all those who had information stored on the server.
"CIM is taking every appropriate step to remedy this situation," CIM vice president and chief operating officer Eric W. Bower wrote in the notification letter [PDF]. "We immediately engaged a security service to perform an investigation, network security audit, and forensic data analysis. We have implemented the audit recommendations and system enhancements, including moving to a new, hosted provider with increased security features, to ensure that our network is secure and that we are not at risk of any futher security breach."