Western Connecticut State University said Thursday it is in the process of notifying about 235,000 students, their families and others that their personal information may have been exposed to unauthorized access by a computer system vulnerability that has since been corrected.
The Danbury, Conn.-based university said it has no evidence records were inappropriately accessed. It said the vulnerability existed from April 2009 to September 2012 and potentially exposed information, including Social Security numbers of those whose records were collected by the university, over a 13-year period.
The university said in its statement that, in addition to students and families and those who had other associations with the university, the affected group also includes high school students whose SAT scores were purchased in lists, which is a common higher education practice.
The university, which is offering up to two years of ID theft protection at no cost to those impacted, said everyone in the affected groups will receive a letter explaining the protection being offered and how they may access it.
This statement said university president James W. Schmotter became aware of the issue in September. In a statement, he said, “We are disappointed that the potential existed to have these records exposed, but we will do everything we can to protect our students, their families and others with whom we have worked. The steps we are taking and the solution we are offering to every one of those affected are designed to address any problems this situation may have caused.”
Experts have said a massive South Carolina Department of revenue data breach that was revealed in October and exposed information on individual and corporate taxpayers will be a wake-up call to public entities across the country that store vast amounts of information, but likely have inadequate security protections in place.
(Reuters) — South Carolina Gov. Nikki Haley sought on Monday to temper the anger and frustration of state taxpayers left wondering if their personal information was compromised by recent cyber attacks on computers belonging to the Department of Revenue.