A computer system at the University of Wisconsin-Milwaukee was hacked and bugged with malicious software. According to the Milwaukee Journal Sentinel
, malicious code was discovered on a document management database server. The university contacted law enforcement and after a month-long investigation realized that the database on the system contained over 75,000 records that included social security numbers for both students and employees.
Although this breach, which was discovered back on May 25, could have exposed the names and Social Security numbers of some 75,000 students, faculty and staff, UWM officials told the newspaper that the university has no evidence that information was looked at or used.
Nobody is sure how long the malware was running on the server, but it was shut down once the breach was found. UWM leaders are suggesting someone might have been trying to gain access to the university's computers for a different reason. It is suspected that the software was being used to identify cutting edge research that the school is working on, but that has yet to be confirmed.
"We are a research institution with a significant number of projects under way. It is theorized that this may have been an attempt to look at work being done," Tom Luljak, UWM's vice chancellor for university relations, told the newspaper. He added that the malicious software was installed remotely.
While the forensic investigation states that there is no evidence that the personal information was stolen, the school is still warning students to be vigilant by monitoring their credit history and putting a freeze on their credit report. It is also interesting to note that although most companies that suffer data breaches end up offering one year of free credit monitoring to the victims, the University of Wisconsin says that since there was no evidence the data was stolen, they will not offer the free service.
It’s also good to know that while students may have had their identity stolen, the database contained no “academic information such as student grades,” so at least the attackers won’t be able to identify whether students passed their criminology courses.
For more information on the security breach, UWM has set up this website