The University of Wisconsin-Madison on Tuesday announced that a database at its law school suffered a data breach on Nov. 3, exposing personally identifiable information belonging to over 1,000 former applicants.
How many victims? 1,123 prospective students from 2005-2006.
What type of information? The database contained applicants’ Social Security numbers, which were paired with corresponding names. No other personal data was accessed, according to UW-Madison.
What Happened? On Nov. 3, university officials discovered that a hacker had gained unauthorized access to the University of Wisconsin Law School’s server earlier that day. Upon discovery of the breach, UW-Madison removed the affected records from the hacked server and contacted law enforcement authorities. The University of Wisconsin Police Department is now leading the investigation.
What was the response? UW-Madison began reaching out to affected individuals via email and snail email on Dec. 6, and is offering victims free credit monitoring and ID theft protection for one year.
Via its website, the university stated that it has increased security by “implementing additional vulnerability identification programs, evaluating current computer applications and decommissioning those no longer needed, tightening credentials for access to databases, and deploying additional network intrusion detection.”
Citing a police spokesman, the Wisconsin State Journal on Tuesday reported that investigators have identified a potential suspect who lives out of state. As of Dec. 9, no arrests have been made.