Sacred Heart University became the latest school to fall victim to a computer hack, which exposed the personal information of as many as 135,000 students and alumni.
The information included names, addresses, Social Security numbers and 103 credit-card numbers of people affiliated with the school, said Sacred Heart spokeswoman Funda Alp.
Information technology staff for the Fairfield, Conn., school discovered a rootkit The staff found the virus during a routine maintenance check May 8. “We immediately took the computer offline and began an aggressive investigation using university resources and an independent Internet security firm to determine if data was accessed,” Alp said. “We cannot confirm that any of the sensitive files on this computer were actually accessed, but we believe that the intruder had the expertise to do so.” But Alp said the school has not received any reports of identity fraud related to the breach, and that it sent letters to those affected and suggested precautionary measures to ensure their personal information wasn’t used without their knowledge. The company said on its Web site that those concerned about the possible illicit use of their personal information can check with credit bureaus to see if their accounts were used for unauthorized purchases. The breach is the latest in a series of computer hacks to rock businesses, government agencies and colleges in the last few years. Earlier this week, the Department of Veterans Affairs admitted that the personal information of 26.5 million veterans was compromised after a VA employee had a laptop with the info stolen from his home. That laptop included the names and Social Security numbers for every person who served in the military since 1975, making it the second largest data breach on record. CardSystems owns the dubious distinction of allowing the biggest breach, in which 40 million credit card numbers were laid bare. Breaches are common at financial services companies and universities, which typically hold thousands or millions of names, addresses and other data of customers and students. Last year, UPS lost data storage tapes containing data on customers from CitiFinancial. Bank of America lost tapes, too. The Privacy Rights Clearinghouse said that since February 2005, almost 82 million people have had their personal information potentially exposed by unauthorized access to the computer systems of companies and institutions. Of those, almost half of all reported security breaches have occurred at colleges and universities. Last June, the University of Connecticut detected a data breach on a server that contains names, Social Security numbers, dates of birth, phone numbers and addresses for most of the university’s 72,000 students, staff and faculty.
