Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Hacked University Server Puts 176,000 Individuals at Risk

Virginia Commonwealth University Hacked

A server at Virginia Commonwealth University, containing files with personal information on current and former VCU and VCU Health System faculty, staff, students and affiliates, was breached in October, during a two step attack. As a result, 176, 567 individuals may have been exposed to personal data theft.

Virginia Commonwealth University Hacked

A server at Virginia Commonwealth University, containing files with personal information on current and former VCU and VCU Health System faculty, staff, students and affiliates, was breached in October, during a two step attack. As a result, 176, 567 individuals may have been exposed to personal data theft.

Mark Willis, the CIO of VCU, said that on October 24, routine monitoring discovered suspicious files on one of the network devices. The server was taken offline and the vulnerabilities on it patched. Given that the server contained no personal or otherwise sensitive information; the incident was considered resolved, until five days later.

“Five days later, VCU’s continuing investigation revealed two unauthorized accounts had been created on a second server, which also was taken offline. Subsequent analysis showed the intruders had compromised this device through the first server. The intruders were on the server a short period of time and appeared to do nothing other than create the two accounts,” Willis noted in his notification letter.

This second server contained data on 176,567 individuals including a name or eID, Social Security Number and, in some cases, date of birth, contact information, and various programmatic or departmental information. The university can not say with complete certainty that the data wasn’t compromised, even though the likelihood is low. So, to play things safe, they issued a wide notification, and advice on monitoring personal information, including credit monitoring or acquiring identity protection services.

The university said they will not automatically grant everyone potentially impacted by the incident identity theft protection. “However, for the peace of mind of concerned students, employees and affiliates, the University will honor individual requests for these services,” the notification details explained.

More information on the incident can be found here.

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how the LOtL threat landscape has evolved, why traditional endpoint hardening methods fall short, and how adaptive, user-aware approaches can reduce risk.

Watch Now

Join the summit to explore critical threats to public cloud infrastructure, APIs, and identity systems through discussions, case studies, and insights into emerging technologies like AI and LLMs.

Register

People on the Move

Checkmarx has appointed Scott Gainey as Chief Marketing Officer.

Jason Hogg has been named Executive Chairman of CYPFER.

HUB Cyber Security has appointed former PayPal and American Express executive Paul Parisi as its Global Chief Revenue Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.