Iowa State University is the latest educational institution to suffer a major cyber-attack.
The university announced Tuesday the Social Security numbers of nearly 30,000 students were compromised in a recent security breach.
“We don’t believe our students’ personal information was a target in this incident, but it was exposed,” said Senior Vice President and Provost Jonathan Wickert. “We have notified law enforcement, and we are contacting and encouraging those whose Social Security numbers were on the compromised servers to monitor their financial reports.”
Information technology staff discovered a breach of five departmental servers that contained Social Security and university ID numbers for students who took classes in computer science, world languages and cultures, and materials science and engineering.
The students with exposed information were enrolled between 1995 and 2012. In addition to the 29,780 Social Security numbers exposed in the breach, an additional 18,949 students’ university identifications were on the servers. There was no financial information in the exposed records.
The university has destroyed the compromised servers, and others of the same type have been taken off the Internet to be updated with hacking prevention software.
“Iowa State has always taken information security very seriously, and we will continue to take every possible action to safeguard the personal information of those who learn and work here,” Wickert said. “We have well-regarded cyber-defense experts here who not only protect university data, but educate others on how to prevent computer attacks. Unfortunately, Iowa State is not immune to hacking, but we are disappointed and sorry for the inconvenience this incident may cause.”
Data breaches at large universities are nothing new. Earlier this year, the personal information of more than 300,000 students, faculty and staff at the University of Maryland was compromised in a cyber-security breach.
Ohio State University said in 2010, hackers penetrated a college server that contained the names, birth dates and Social Security numbers of 750,000 people, exposing them to risk of identity theft.
And last year, the University of Virginia said Social Security numbers of more than 18,000 students were mistakenly printed in the address field of health insurance brochures mailed to their homes.
There have also been public breaches at the University of North Florida, the University of Hawaii and the University of Tampa, among others.