The University of Connecticut announced Friday that its School of Engineering was the target of a serious data breach that exposed an unknown amount of personal and financial information of students and information from research partners. The hack was uncovered on March 9, when IT staff discovered malware on some of the school's servers. These servers contained both sensitive research data and private information belonging to students, staff and faculty: Social Security numbers and credit cards, as well as logins and passwords.
The school's blog post describes the attack as apparently having originated in China. A university spokesman said the school is working with the FBI on analyzing the attack.
Related: Secret NSA Map Shows China Cyber Attacks on U.S. Targets
An investigation by the university and cybersecurity outfit Dell SecureWorks indicated the first hack occurred in September 2013, meaning the intruders have had ample opportunity to use any data they stole. The spokesman said it's not clear yet how many people's data may have been exposed.
Those affected by the hack will be notified and provided identity protection services, the school said.
Research sponsors and partners are also being alerted to potential data exposure, though the university says there's "no direct evidence" any was stolen.
Related: UCLA Health Says Hack Exposed Personal Data on 4.5 Million People
After patching the vulnerability, the university implemented a number of improvements to its security infrastructure and is launching a "comprehensive review" of its IT practices.
