The University of Wisconsin-Parkside has notified approximately 15,000 students of the potential exposure of personal data. Email and U.S. mail notifications were sent to the most recent addresses on file. The data potentially at risk includes names, addresses, telephone numbers, email addresses, and Social Security numbers of students who were admitted or enrolled at the university since fall 2010.
Information associated with the university's SOLAR and Ranger Card systems is not affected.
University officials first became aware of the situation March 16 when Campus Technology Services staff, performing routine maintenance, discovered that computer hackers had installed malware (a computer virus) on one university server.
The server was immediately shut down. The incident was reported to the UW-Parkside Police and Public Safety Department, and University of Wisconsin System legal counsel. With the help of an international computer security consultant (403 Labs, a Division of Sikich LLP) the university launched an investigation to determine the source and extent of the security breach.
As with many such incidents, the malware did not indicate its source or those who gained unauthorized access. Investigators found evidence indicating that the attacker's motive was not identity theft and they have found no proof of attempts to download names or Social Security numbers.
However, because any incident that potentially exposes personal information could contribute to the risk of identity theft, university officials are notifying the students involved so that they may take the proper steps to protect their identity and monitor their credit reports and financial statements.
"UW-Parkside takes the security of all data, especially the personal information of its students, extremely seriously. We apologize for any concern this issue may cause the students and their families potentially affected," said Ilya Yakovlev, UW-Parkside chief information officer. "We believe the chance of sensitive data falling into the wrong hands is remote. At the same time, we have a responsibility to move quickly, conduct a thorough investigation, and ensure that this does not happen again."