How many victims? 176,567.
What type of personal information? Names or electronic identification, Social Security numbers and, in some cases, dates of birth and home addresses. Affected individuals include current and former VCU and VCU Health System faculty, staff, students and affiliates, such as contractors and visiting professors. VCU Health System patients were not affected.
What happened? During routine monitoring, suspicious files were found Oct. 24 on a server containing sensitive data. The affected server was taken offline, and a forensic examination showed that intruders accessed the system from an IP address within the United States and stayed connected for 16 minutes.
Five days later, university officials found two unauthorized programs on a second server. Investigators determined that the attackers planted malicious programs on the first breached server, which enabled them to perform subsequent attacks and access other systems.
Details: School officials do not believe the attackers accessed the information for the purpose of conducting identity theft, though they did not say what they believe the hackers' motivation was. This is not the first breach VCU has experienced. In 2009, a university computer containing 17,214 Social Security numbers was stolen.
What was the response? The university is planning to hire an outside consultant to examine its information technology systems. Affected individuals are being notified. VCU police and the FBI are investigating the incident. The university is not providing affected individuals with free identity protection services because it deems the risk of identity theft low.
Source: http://www2.timesdispatch.com/, Richmond Times-Dispatch, “Breach exposes data at VCU,” Nov. 12, 2011.