Menu
Hospital Security

Computer Breach Exposes Personal Data of 5,735 U Va. Faculty Members

CHARLOTTESVILLE, Va. – The University of Virigina released the following statement regarding a data breach that was discovered recently:

University of Virginia Alerts Current and Former Faculty That Sensitive Information Has Been Exposed

The University of Virginia has discovered a security breach in one of its computer applications that resulted in exposure of sensitive information belonging to current and former U.Va. faculty members. The information included names, Social Security numbers and dates of birth.  No credit card, bank account or salary information was involved in the incident.

As soon as this breach was discovered, the vulnerability was corrected and a thorough investigation was instituted. This criminal investigation is being conducted by University Police in consultation with the FBI and the University’s computing and audit professionals. The investigation has revealed that on 54 separate days between May 20, 2005 and April 19, 2007, hackers tapped into the records of 5,735 faculty members.  No suspects have been identified.

No data pertaining to students or the University’s non-faculty employees were exposed.

  University officials are warning affected current and former faculty members that the hackers could use the stolen information to set up fraudulent bank or credit card accounts and are urging them to monitor their credit reports closely. The University is offering one year of free credit monitoring to those affected.

All current faculty whose records were exposed in this breach have been notified. The University is continuing to work to notify former faculty members who were affected.

  Those affected include anyone who taught or had any faculty designation (academic, administrative or adjunct) at the University or at the College at Wise from approximately 1990 to August 2003.  Of those whose records were accessed, about 2,100 are currently employed at U.Va. The University is contacting those affected through both the U.S. Postal Service and electronic mail. Additionally, it has established an informational Web page.

Former and current faculty members also can check whether they were affected by calling a toll-free number, (866) 621-5948, between 8 a.m. and 5 p.m. on weekdays, as well as on Saturday, June 9. Those who prefer to e-mail their questions or concerns should send them to identity-assistance@virginia.edu. The University particularly encourages former faculty members, whose last contact information may be out of date, to make an inquiry.

“We sincerely regret the distress this causes to our colleagues,” said James Hilton, U.Va.’s vice president and chief information officer. “This theft adds greater urgency to our ongoing effort to remove from databases Social Security numbers and other personal information that could be accessed through the Internet and later potentially abused. The University is continually modifying its systems and practices to enhance the security of sensitive information and training its employees in data protection.”

Investigators believe that the hackers accessed the information in a special-purpose Web application.  The faculty information, which had been mistakenly included in the application’s database, was not intended for public distribution.

“This information could not be accessed through everyday Web browsing,” Hilton said. “To find it required a relatively sophisticated and intentional attack on the database.”

The University’s Information Technology and Communications division first discovered the existence of the database as part of its Social Security number remediation efforts and removed it on April 20, 2007, after concluding an initial internal review.

On May 22, programmers who maintain the site discovered—in a separate, unrelated incident—that a hacker had defaced a page on the site. After the database was secured, programmers continued reviewing server logs to investigate that attack more thoroughly.  On May 29, the earlier breaches were discovered.

_____________________________________________________________

U. Va press release

If you appreciated this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!

Leading in Turbulent Times: Effective Campus Public Safety Leadership for the 21st Century

This new webcast will discuss how campus public safety leaders can effectively incorporate Clery Act, Title IX, customer service, “helicopter” parents, emergency notification, town-gown relationships, brand management, Greek Life, student recruitment, faculty, and more into their roles and develop the necessary skills to successfully lead their departments. Register today to attend this free webcast!

Get Our Newsletters
Campus Safety Conference promo

Recommended For You

Student and Staff Safety: Addressing the Significant Rise in Mental Health Needs and Violence
Student and Staff Safety: Addressing the Significant Rise in Mental Health Needs and Violence

In this webinar, attendees will learn the observable behaviors people exhibit as they head down a path of violence so we can help prevent the preventable.

Beyond Threat Assessment: Managing Threats with Appropriate Follow-up, Monitoring & Training
Beyond Threat Assessment: Managing Threats with Appropriate Follow-up, Monitoring & Training

This discussion will help participants analyze, understand, and assess their own program effectiveness.

Latest Quizzes

How Should These Clery Act Crimes Be Classified in Your ASR?
Mental Health in America: Test Your Awareness with This Quiz
Test Your Hospital Safety and Security Knowledge with These 9 Questions