Security breach at Iowa State affects 29,000
April 22, 2014
29,000 students enrolled between 1995 and 2012 may have had their Social Security numbers compromised due to a security breach affecting five departmental servers on campus.
The information technology staff discovered the unauthorized access to the servers.
According to a news release from the university, there is no evidence that any data files were accessed and no student financial information was in the records. However, another 18,949 students’ university ID numbers were compromised during the breach, although ID numbers are coupled with passwords and have no use off campus.
The release stated that the servers were hacked by “an unknown person or persons who intended to generate enough computing power to create bitcoins.”
Bitcoins are a form of digital money that can be used anonymously without much tracking as to who purchased goods with the bitcoins.
“We don’t believe our students’ personal information was a target in this incident, but it was exposed,” said Senior Vice President and Provost Jonathan Wickert in the news release. “We have notified law enforcement, and we are contacting and encouraging those whose Social Security numbers were on the compromised servers to monitor their financial reports.”
AllClear, a national firm that specializes in identity protection is being used by ISU officials to assess the damage. AllClear representatives, available at 877-403-0281, are able to watch for and deal with identity theft and fraud.
In addition, Iowa State will provide one year of credit monitoring for students with exposed Social Security numbers through AllClear.
Some compromised servers contained Social Security numbers of students who took a class in computer science from 1995 to 2005. Numbers of students enrolled in world languages and cultures from 2004, 2007 and 2011 to 2012 may also be compromised.
Students in Engineering 101 in fall of 2001 and Material Engineering 214 in spring of 2001 may also be compromised.
“Two other servers – one located in agricultural and biosystems engineering, and a second in materials science and engineering – were accessed, but they did not have any files containing personal information,” the brief stated.
Check back with the Iowa State Daily as more information becomes available.