The University of South Carolina (USC) is notifying some 34,000 people after a system intrusion was detected on a computer used by the College of Education. The breach was discovered in June, but the notifications are being delivered in order to allow those impacted to watch their credit reports.
According to USC, a webserver at the College of Education was compromised sometime around June of this year. Some of the files on that server contained personal information for some 34,000 people dating as far back as 2005, including names, addresses, and Social Security numbers.
However, the school does not believe the files were accessed. According to Bill Hogue, USC’s vice president for information technology, the schools security procedures were being followed before the breach. After the breach was discovered on June 6, the school started their investigation. Given that it was unlikely that the records were accessed, the school waited until they had more information before issuing notification.
The letters being sent to those impacted by the breach are the school’s way of being overly cautious. The individuals who are receiving the notifications are advised to place fraud alerts on their credit reports and to monitor them. The school has not indicated if they will pay for such a service if fees are required.
According to local media, this breach is the sixth incident in six years. In addition to the breach in June, human error led to the exposure of 31,000 records in March of 2011 and a stolen computer in 2008 led to the loss of 7,000 records.
The school says they have tightened security in order to prevent a similar breach from occurring, and the investigation is still active.