The IT department at Georgia-based Valdosta State University recently discovered that a school server, containing personal information of students and faculty, was accessed by an individual without authorization.

How many victims? 170,000.

What type of personal information? Grades and Social Security numbers.

What happened? Joe Newton, director of information technology at the university, said the breach was first detected on Dec. 11. It was determined that unauthorized access dated back to Nov. 11.

Details: An investigation has not yet determined if any personal data was stolen.

Quote: “An initial investigation has found no evidence that any personal data was accessed or transferred,” Newton said. “We regret the incident and are reviewing and revising our procedures and practices to minimize the risk of a recurrence.”

What was the response? The affected server was removed from the network and secured. The university is notifying affected individuals.

In addition, the university's police and division of information technology are conducting an investigation with the assistance of the Georgia Bureau of Investigation.

Source: http://www.valdosta.edu/notify/, Valdosta State University, “Breach Notification for December 11, 2009 Security Incident.”