Confidential and personally identifiable information for more than 176,000 current and former students and employees at Virginia Commonwealth University may have been stolen when an attacker infiltrated a university server last month.
Staff at the Richmond, Va., university first discovered suspicious files on a server on Oct. 24, and after taking it offline, found that an Internet worm had infected the server and allowed an intruder to access it for 56 minutes on Oct. 19, VCU wrote on its website. This breached server contained no personal data, but created a portal for whoever is behind the attack to access other confidential records.
On Oct. 29, VCU staff found a second server that had been illegally accessed for 16 minutes on Oct. 19. This server contained personally identifiable information, including Social Security numbers, names, school and personal email addresses and in some cases dates of birth, job titles and contact information for 176,567 employees and students.
"Our investigating was unable to determine with 100 percent certainty that the intruders did not access or copy the files in question," VCU wrote.
The breach affected 42,438 students and employees from summer and fall semesters in 2011, 19,172 people employed during or after November 2005, 2,328 students who were accepted for 2011's fall semester but did not attend, 16,867 current health system employees and 95,772 former students, affiliates or health center employees who attended before 2011's spring semester.
In a video posted to the site, Mark Willis, VCU's chief information officer, explained that the worm allowed whoever deployed it to establish files and accounts on the infected server, with the intention of "using it as a platform to scan for other vulnerable machines on the Internet, as well as using it as a platform for a command and control network."
Despite the wealth of confidential information stored on the hacked server, VCU said "there is a very low likelihood that personal data was exposed or that there is a risk of identity theft."
SecurityNewsDaily reached out to VCU for comment but did not receive a response.
VCU said both servers are now behind the university firewall, and the vulnerabilities that allowed the worm to infect them have been patched. VCU is planning to employ outside consulting firms as well as local and federal officials to assess the damage and investigate the incident.