Hackers accessed more than 59,000 records within the California State University at Chico (CSU Chico). The records, which were stored in two files within the University Housing and Food Service system, include those of students, faculty and non-enrolled applicants.
Some of the information stored belonged to individuals who were admitted to, but had not matriculated at CSU Chico. Their data had been sent to the Housing and Food Service department in order to allow the department to distribute housing information. The university will be reviewing its confidential data storage and deletion policies.
One file contained names, Social Security numbers and university identification numbers, birth dates and gender, while the other held names and Social Security numbers, home addresses and emergency contact names. Neither file held drivers’ license information, according to university information security officer Brooke Banks.
Banks also noted that there was no evidence that the records were downloaded or moved. She was similarly unaware of any attempts to use the information for fraud purposes. The university is in the process of alerting everyone whose name was within the files of the breach.
The intruders installed root kit software, which allows them to store files such as music, movies and games, on the system, according to a university statement.
The case is being handled by university police, all of whom are officers within California.
The CSU Chico breach comes on the heels of a month of consumer data breach revelations, including the sale of 145,000 records by ChoicePoint Inc. to fraud artists; the loss of 1.2 million Department of Defense and Congressional credit card records by Bank of America; and the fraudulent acquisition of 32,000 records from NexisLexis.
