About 6,500 current and former employees of the American Institutes for Research (AIR) may have had unencrypted information – including Social Security numbers and payment card information – compromised after unauthorized access was gained to one of the organization's servers.

How many victims? About 6,500. 

What type of personal information? Social Security numbers and payment card information is among the unencrypted data that was compromised.

What happened? Unauthorized access was gained to an AIR server that contained the information.

What was the response? AIR brought on a digital forensics firm to carry out an investigation. All impacted employees are being notified and offered a free year of credit monitoring services.

Details: AIR learned of the incident on May 12. Notification letters are dated May 14. The breach impacted business systems, and student and client information was not affected.

Quote: “At this point, we have no evidence that any information was accessed or misused,” according to a notification letter from David Myers, president and CEO of AIR, obtained by Education Week.

Source: blogs.edweek.org, Education Week, “Major School Research and Assessment Provider Suffers Data Breach,” May 19, 2014.