The Orange County Register reports that approximately 1,800 students’ personal information may have been exposed when computers at the University of California Irvine (UC Irvine) student health center were infecting with keylogging malware for a six-week period.
The malware captured data including students’ names, unenrypted medical information, student ID numbers, mailing addresses, phone numbers, amounts paid to the health center for services received, and bank names and check numbers (if payment was made by check).
The malware, which was first detected by the California Information Security Office on March 26, 2014, collected information from February 14 to March 27, 2014.
“We immediately disconnected the infected machines from the Internet, confirmed that no other components of our network were infected and otherwise contained and remediated the incident,” UC Irvine stated in the notification letter [PDF]. “We have also reported the incident to law enforcement.”
All those affected are being offered one free year of credit monitoring and Internet monitoring services from ID Experts.