14 DAY TRIAL // Sensitive information containing social security numbers among other data, has been extracted from a web server at California State University, East Bay by an unknown intruder in August, 2013.
Even if the attack occurred about one year earlier, the University discovered the unauthorized access on August 11, 2014, during a routine check. Following an internal investigation it was determined that the hacker used an overseas IP address to carry out their activity.
The forensics team that analyzed the logs for the affected web server was able to find that using malicious software, the intruder managed to copy a file containing full names, addresses, social security numbers and dates of birth. No financial details have been exposed.
According to online sources, 6,036 employees and former students have been impacted by the incident. Most of them are faculty staff that worked at the educational institution between June 2001 and August 2013.
The malware used for exfiltrating the data has been eliminated from the computer systems and the server vulnerabilities have been mitigated.
The university has no knowledge of the stolen data being used for malicious purposes, such as identity fraud, but the organization provides free one-year identity theft protection services to all affected parties.
The letter to the individuals affected by the incident also includes instructions on how to safeguard personal information.