The personal records of nearly 200,000 students were compromised when a virus attacked a Microsoft Windows 2003 Server at the Community College of Southern Nevada.
The attack, which occurred in February, potentially exposed the personal information — names, Social Security numbers and birth dates — of 197,518 former and current students stored in a Microsoft SQL database, said Rand Key, the North Las Vegas, Nev. school’s executive vice president.
Key said members of the school's IT staff were re-configuring the network to render it more secure when the [unidentified] perpetrator found a way into the server via a virus. Four days after the attack occurred, the IT staff members pulled the server offline and examined each of the 197,518 files to see if they had been downloaded, he added.
An investigation by the school and a subsequent forensics examination of the computer by a consultancy, SunGard Availability Services, did "not conclusively determine whether any information had been accessed and/or acquired," Key said.
The school mailed letters to individually notify the affected students, he said. "We also established a web site to provide information on the situation and resources to help prevent identity theft," he said.
The revelation of attack on the Nevada community college came just two days after the disclosure of a separate data breach at another educational institution. On May 11, a hacker accessed a computer at Goshen College that contained the names, addresses, birth dates, Social Security and phone numbers of 7,300 students, as well as information on some parents with the suspected motivation of using the system to send spam.