The University of Virginia and the University of Iowa are both reporting that they have suffered breaches that compromised faculty or student information.
Two universities suffered security breaches that compromised the security of sensitive personal information on students and faculty.
Both the University of Iowa and the University of Virginia announced last Friday that they have been sending out notifications about the breaches.
The University of Virginia said its investigation has shown that on 54 separate days between May 20, 2005, and April 19, 2007, a hacker broke into the network and accessed the records of 5,735 faculty members. The school called in the FBI to work on the case alongside the university police and its IT workers.
"We sincerely regret the distress this causes to our colleagues," said James Hilton, the university's VP and CIO, in a written statement. "This theft adds greater urgency to our ongoing effort to remove from databases Social Security numbers and other personal information that could be accessed through the Internet and later potentially abused. The university is continually modifying its systems and practices to enhance the security of sensitive information and training its employees in data protection."
The school pointed out in an online release that information on students and non-faculty staff members wasn't compromised.
Those who were affected include anyone who taught or had any faculty designation from approximately 1990 to August 2003. Of those whose records were accessed, about 2,100 are currently employed at the university.
The faculty information that was accessed included dates of birth and Social Security numbers. People looking for more information can go to this Web site.
The University of Iowa breach affected about 1,000 students and applicants to the school's Molecular and Cellular Biology graduate program, along with about 100 faculty members associated with the program, according to an online release.
A staff member in the graduate program discovered the security breach on May 19. Social Security numbers of faculty, students, and prospective students were stored on a Web-based database program that was compromised. The university did not say when the security breach occurred.
"We are deeply concerned that this happened," said John Keller, an associate provost and dean, in a written statement. "We apologize, and we want our faculty, students, and prospective students to know that we are working expeditiously to correct this problem. We have notified the appropriate UI and law enforcement officials, and we are evaluating our systems to identify additional ways to protect our Web sites."
The University of Iowa created this Web site for anyone wanting more information.
5 Top Federal Initiatives For 2015As InformationWeek Government readers were busy firming up their fiscal year 2015 budgets, we asked them to rate more than 30 IT initiatives in terms of importance and current leadership focus. No surprise, among more than 30 options, security is No. 1. After that, things get less predictable.