Tens of thousands of former and current students’ personal information was on five servers hacked at Iowa State University.
“An extensive analysis has revealed the compromised servers contained Social Security numbers of 29,780 students enrolled at Iowa State between 1995 and 2012,” said a statement about the breach on the university’s website.
The compromised servers contained Social Security numbers of some students who took computer science classes between 1995 and 2005; World languages and cultures classes in 2004, 2007, 2011 and 2012; and materials science and engineering classes in 2001. Servers in the agriculture and biosystems engineering and materials science and engineering departments were also accesses, but they did not contain personal information of any students.
Another 18,949 current students’ university ID numbers were also on the compromised servers.
“We don’t believe our students’ personal information was a target in this incident, but it was exposed,” said Senior Vice President and Provost Jonathan Wickert.
University officials reported the breach to law enforcement. Affected current and former students were being notified of the breach by mail.
Former students whose Social Security numbers were exposed could face a financial threat. The university was contacting those affected and encouraging them to monitor credit reports for possible unauthorized transactions. University ID numbers are generally used in combination with a password, and there was no financial threat posed according to Wickert.
“The servers were hacked by an unknown person or persons who intended to generate enough computing power to create bitcoins,” the university statement said. “Bitcoins are a type of digital money that can be used to buy merchandise anonymously.”
“Out of an abundance of caution, the university has decommissioned, removed from the Internet and destroyed compromised server,” the university statement said. “The university has begun deploying software that regularly scans computers, servers and other devices to locate protected information.”