The vulnerability existed from April 2009 to September 2012 and potentially exposed information, including Social Security numbers, of about 235,000 people whose records were collected by the university over a 13-year period.
Although WCSU has found no evidence that records were inappropriately accessed, to protect those potentially affected, Western is offering up to two years of ID theft protection at no cost through AllClear ID.
When he became aware of the issue on Sept. 26, 2012, WCSU President James W. Schmotter immediately activated the Board of Regents security incident response plan.
The BOR Information Security & Policy Office conducted an investigation to determine what happened and identify and remediate security vulnerabilities campus-wide. The university also informed the Connecticut Attorney Generalís office of the issue.
Since discovery of the exposure, the university has dramatically increased its information protection capacity with new layers of protection. The university will continue to assess and improve all aspects of its information security.
All those affected will receive notification through the postal mail. In addition, Western has set up a searchable database that contains the names of all affected individuals.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.