Hackers broke into a computer database containing the names, birth dates and Social Security numbers of more than 5,700 former and current University of Virginia faculty members over a 23-month period beginning in 2005, school officials said Friday.
Affected are the records for 5,735 people who had any faculty designation at the Charlottesville campus or the College at Wise between 1990 and August 2003. About 2,100 of the victims still work for the school, officials said.
No student data was affected.
Hackers did not obtain any credit card, bank account or salary information, but the school is offering one year of free credit monitoring to those affected.
The security breaches, taking place on 54 days between May 20, 2005 and April 19, 2007, involved an "academic outreach page" designed in 2003 to help students, professors and media, said university spokeswoman Carol Wood.
Wood declined to be more specific, citing the ongoing investigation.
The sensitive information wasn't directly on the Web page, she said. Rather, it was included in the complex network of data sources that makes the average Web page run _ sort of like the gears inside a clock, Wood explained.
Those background pages can be discovered, but not easily. Wood said the information was mistakenly included on the background pages by the program designer.
"This information could not be accessed through everyday Web browsing," said university vice president and chief information officer James Hilton. "To find it required a relatively sophisticated and intentional attack on the database."
The school hasn't identified any suspects.
University technicians discovered the database while working on a project to remove Social Security numbers from campus computer systems, Wood said.
The technicians removed the database on April 20. A month later, technicians discovered security breaches dating back to May 2005.
Former employees are being encouraged to contact the school or visit a specially created Web page.
"We sincerely regret the distress this causes to our colleagues," Hilton said. "This theft adds greater urgency to our ongoing effort to remove from databases Social Security numbers and other personal information that could be accessed through the Internet."
The incident didn't surprise Jim Cohoon, an associate professor of computer science at the school. He wasn't impacted this time, but has been by similar incidents elsewhere.
"One of my professional societies also leaked some information," said Cohoon, adding pickpockets stole his personal information during a recent trip to Paris.
Many other universities have been hit by hackers in recent years, among them the University of Texas, the University of Missouri, Stanford University, the University of California, Los Angeles, Ohio University and George Mason University.
Possible U.Va. victims are urged to call (866) 621-5948.