Hackers illegally accessed a server containing the personal information, including Social Security numbers and course records, of more than 7,000 former Purdue University students.
The West Lafayette, Ind., school sent letters on Monday (Aug. 15) notifying 7,093 students that their personal information may have been compromised by the hack, Indiana's Journal and Courier reported.
The data breach, which occurred April 5, 2010, affected students who took mathematics courses from 2000 through the summer session of 2005.
According to Purdue's official statement, the school waited more than a year to alert students because school officials wanted to identify which of the 6.6 million nine-digit numbers stored on the server were actually Social Security numbers; the school then had determine which numbers belonged to which students.
This security slipup comes just a week after a data breach at the University of Wisconsin-Milwaukee potentially exposed the Social Security numbers of 75,000 past and present students.
Although it's potentially disastrous anytime Social Security numbers are exposed, this mishap may have spared students any financial trouble.
After conducting a forensic examination of the breach, Purdue wrote that the "characteristics were not consistent with an attack designed to gather data from the system, but rather an attempt to use the system to launch attacks against other servers."
Purdue notified the Indiana Attorney General's office of the network intrusion, and is urging anyone who received the letter to carefully monitor their financial statements and report any suspicious activity that may indicate identity that the stolen Social Security numbers are being used for theft.