More than 6,000 individuals are being notified by California State University, East Bay, that their personal information – including Social Security numbers – may have been compromised by an unknown third-party.
How many victims? 6,036, mostly faculty and staff, as well as 507 birth dates, according to reports.
What type of personal information? Names, addresses, dates of birth and Social Security numbers.
What happened? An investigation revealed that an unknown third-party broke into a University web server using an overseas IP address and a tool designed to secretly access information on the server.
What was the response? Malicious files were removed from the server and vulnerabilities have been mitigated, and steps have been taken to ensure similar incidents do not occur again in the future. All impacted individuals are being notified and offered a free year of credit monitoring services.
Details: The personal information was accessed on Aug 23, 2013. The affected server stored various employment transaction records and some extended learning course information.
Quote: “To date, we are not aware of any reports of identity fraud resulting from this incident nor do we have any evidence to suggest that your personal information has actually been misused,” Brad Wells, VP, administration and finance, and Chief Financial Officer with California State University, East Bay, wrote in the notification to customers.
Source: oag.ca.gov, “California State University East Bay – Sample Notice Letter to CA Residents,” Sept. 5, 2014.