The University of Virginia and the University of Iowa are both reporting that they have suffered breaches that compromised faculty or student information.
Two universities suffered security breaches that compromised the security of sensitive personal information on students and faculty.
Both the University of Iowa and the University of Virginia announced last Friday that they have been sending out notifications about the breaches.
The University of Virginia said its investigation has shown that on 54 separate days between May 20, 2005, and April 19, 2007, a hacker broke into the network and accessed the records of 5,735 faculty members. The school called in the FBI to work on the case alongside the university police and its IT workers.
"We sincerely regret the distress this causes to our colleagues," said James Hilton, the university's VP and CIO, in a written statement. "This theft adds greater urgency to our ongoing effort to remove from databases Social Security numbers and other personal information that could be accessed through the Internet and later potentially abused. The university is continually modifying its systems and practices to enhance the security of sensitive information and training its employees in data protection."
The school pointed out in an online release that information on students and non-faculty staff members wasn't compromised.
Those who were affected include anyone who taught or had any faculty designation from approximately 1990 to August 2003. Of those whose records were accessed, about 2,100 are currently employed at the university.
The faculty information that was accessed included dates of birth and Social Security numbers. People looking for more information can go to this Web site.
The University of Iowa breach affected about 1,000 students and applicants to the school's Molecular and Cellular Biology graduate program, along with about 100 faculty members associated with the program, according to an online release.
A staff member in the graduate program discovered the security breach on May 19. Social Security numbers of faculty, students, and prospective students were stored on a Web-based database program that was compromised. The university did not say when the security breach occurred.
"We are deeply concerned that this happened," said John Keller, an associate provost and dean, in a written statement. "We apologize, and we want our faculty, students, and prospective students to know that we are working expeditiously to correct this problem. We have notified the appropriate UI and law enforcement officials, and we are evaluating our systems to identify additional ways to protect our Web sites."
The University of Iowa created this Web site for anyone wanting more information.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.
Digital Transformation Myths & TruthsTransformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.