Students and staff from Butler University in Indianapolis are being notified that their personal information may have been compromised by an attack carried out in 2013.
Around 163,000 staff, alumni, faculty and students (both current and prospective) are now being contacted following a recent California law identity theft investigation. Police recently arrested an individual in possession of a flash drive containing Butler University information.
A subsequent internal investigation, carried out in collaboration with forensics experts, revealed that the data may been stolen in a 2013 cyber attack. Hackers would have gained unauthorised access to the Butler network, thus allowing them to lift sensitive data.
The investigation is still ongoing, however, as the experts believe the attack could have taken place as recently as May or this year.
A university spokesperson, Michael Kaletenmark, explained the situation, outlining the current findings and the plans moving forward.
"Unfortunately, we do think it's a remote hacking," he said. "The suspect that's been arrested has no affiliation with Butler University."
"Upon further investigation, we found that additional members of the Butler University community may have been exposed," added Kaltenmark.
The university first learned of the attack after California authorities notified them in May that the flash drive had been found containing the sensitive data.
It's important to consider the role of security when it comes to business IT networks, as an attack can take place without the business knowing, and cause often incalculable damage. It needs to become a necessity for companies to ensure security is in place, and frequent testing is carried out to identify any potential flaws.
Only with testing can a company ensure ongoing vulnerability management.
Individuals are now having the situation explained to them, and are being offered a free year of identity theft protection services.