ISU Security Breach Exposes SSN’s of 30,000 StudentsBy Staff Reporter, UniversityHerald Reporter
The security breach at Iowa State University Tuesday probably exposed social security numbers of students enrolled between 1995 and 2012.
The Information Technology Services said that the breach occurred in the servers of five departments (computer science, world languages and cultures, materials science and engineering) that contained 29,780 social security numbers and 18,949 student university Ids that do not have any use beyond the Ames campus. There was no financial information in the affected servers.
Two other servers (agricultural and biosystems engineering, and materials science and engineering) were also hacked but they did not contain any personal information.
University authorities said that the servers were hacked by an anonymous person, who planned to create bitcoins.
"We don't believe our students' personal information was a target in this incident, but it was exposed," Senior Vice President and Provost Jonathan Wickert said in a statement. "We have notified law enforcement, and we are contacting and encouraging those Social Security numbers were on the compromised servers to monitor their financial reports."
The University authorities discovered the unauthorized access late February and confirmed the breach March 17. Wickert said that they corrected and fixed the servers as soon as they found out, Quad City Times reports.
Annette Hacker, director of ISU News Service, said that until now they haven't found any evidence of information being used for illegal purposes. The five compromised servers were made by Synology that had previously reported similar attacks involving other users.
The university is offering a year free of credit monitoring and has hired AllClear, an identity protection firm, to help affected students.
The university has removed the damaged servers and taken similar servers off the internet to update them with hacking prevention software, Press-Citizen reports. They are planning to immediately implement its new "data collection policy," which provides for superior security standards and guidance, the Gazette reports. Tough password standards will also be introduced across all networks and mobile computers.
"Iowa State is not immune to hacking, but we are disappointed and sorry for the inconvenience this incident may cause," Wickert said. "We will continue to take every possible action to safeguard the personal information of those who learn and work here."