Info on 79K Cal State Students Exposed in Hack of Third-Party Vendor

Breaking News Emails

Get breaking news alerts and special reports. The news and stories that matter, delivered weekday mornings.
By James Eng

A data breach at a third-party vendor that provides online training to prevent sexual violence has exposed the personal information of 79,000 students at eight California State University campuses, school officials said.

Cal State said the hack of computer systems of the vendor, We End Violence, compromised the data of students at CSU Channel Islands, Cal State Los Angeles, CSU San Bernardino, CSU Maritime Academy, California Polytechnic University (Pomona), CSU Northridge, San Diego State and Sonoma State University.

University officials were notified of the breach on Aug. 28, Cal State spokeswoman Toni Molle said Thursday.

We End Violence said it discovered on Aug. 24 that a server hosting one if its websites had been breached, the company’s director, Carol Mosely, told NBC News in an emailed statement. The website was taken offline and computer forensics experts were hired to investigate. Mosely said there is no evidence to date that the potentially compromised student information has been misused.

Related: Rutgers University Hires Cybersecurity Firms After Hacks

We End Violence has a contract with Cal State to provide a one-hour online training class on sexual violence prevention. The noncredit class is required for all students under state law.

The exposed data included names, student IDs, campus-issued email addresses and mailing addresses. Cal State officials said no Social Security numbers, driver’s license numbers or other personal identifiable information was put at risk.

School officials have notified all impacted students, and their login information has been erased.

Related: University of Connecticut Hack Exposed Students' Credit Cards, SSNs

"Protecting student data and personal information is a top priority of the California State University (CSU),” the chancellor's office said in a statement on Thursday. "As soon as it was learned that student information was exposed by a third-party vendor, immediate action was taken at the eight impacted campuses to further safeguard student information."