14 DAY TRIAL // At the end of October, during a routine monitoring of their servers, Virginia Commonwealth University's (VCU's) IT staff discovered a server that was compromised as a result of a hacking operation.
Even though this server didn't contain any data, it was five days later when they noticed that a second server that contained information on current and former VCU and VCU Health System affiliates was also compromised.
According to an advisory posted on their website, 176,567 faculty, staff or students could be affected since the second unit contained names, social security numbers, dates of birth, contact and other information.
The forensic investigation in this case uncovered that the second server was overtaken with the use of the first device. It was also noted that on the second device the cybercriminals didn't manage to do much, except to create a couple of users accounts.
“Our investigation was unable to determine with 100 percent certainty that the intruders did not access or copy the files in question. We believe the likelihood that they did is very low,” said Chief Information Officer Mark D. Willis.
“However, because this data was potentially exposed, we are proactively informing of this event and subsequent actions affected individuals can take to monitor personal information.”
The vulnerability that allowed for the breach to happen in the first place was reportedly taken care of and all the individuals involved will be contacted via email and first-class mail.
“VCU is reviewing its information technology security measures and procedures and will make improvements to prevent this type of incident from happening again. We regret this incident, and I apologize for any inconvenience or worry this may have caused you,” Willis concluded.
Hopefully the cybercrooks didn't manage to take anything, but in the meantime, those who believe their data may have been exposed, should keep a close eye on their bank accounts for fraudulent transactions.