Nearly 30,000 current and former students of Iowa State University are being warned that their Social Security numbers were exposed due to a server breach.
How many victims? 29,780 individuals whose Social Security numbers were impacted, as well as another 18,949 students whose university ID numbers were on compromised servers.
What type of personal information? Social Security numbers and university IDs.
What happened? IT staff at Iowa State discovered that five departmental servers on the campus were compromised, according to an April 22 news release from the school. Iowa State officials believe the intruders' intentions were to leverage more computer power in order to mine bitcoins, as opposed to targeting student data. So far, there is no evidence that exposed data files were accessed.
What was the response? Impacted individuals are being notified via mail this week. Iowa State is also offering one year of free credit monitoring to those whose Social Security numbers were exposed. After the 12 months, individuals can opt to renew the free offering for a second year, the release said.
In addition, the compromised servers, which were made by Synology, were “decommissioned, removed from the internet and destroyed,” the university added.
Details: The Social Security number breach impacted students enrolled in Iowa State between 1995 and 2012. Based on the servers that were compromised, the school believes affected students were those who took courses in computer science (between 1995 and 2005), world languages and cultures (in 2004, 2007, and from 2011-2012), and materials science and engineering (in 2001).
Quote: “Iowa State has always taken information security very seriously, and we will continue to take every possible action to safeguard the personal information of those who learn and work here,” Iowa State's Senior Vice President and Provost Jonathan Wickert said in a statement.“We have well-regarded cyber defense experts here who not only protect university data, but educate others on how to prevent computer attacks. Unfortunately, Iowa State is not immune to hacking, but we are disappointed and sorry for the inconvenience this incident may cause.”
Source: news.iastate.edu, “Iowa State IT staff discover unauthorized access to servers."