“Because the intrusion happened nearly ten years ago, we do not have much more information about how it occurred.”
Yale University revealed that hackers accessed one of its databases between 2008 and 2009 and accessed the personal information of 119,000 people.
The intrusion happened between April 2008 and January 2009 and apparently affected a single database stored on a Yale server. The data breach was discovered on June 16, 2018, during a security review. The attackers extracted names, Social Security numbers, and, in almost all cases, dates of birth. In many cases, Yale email addresses were also extracted, and in some cases the physical addresses of individuals associated with the university were compromised as well.
According to Yale, no financial information was stored in the database and almost all people impacted by the breach were affiliated with the university.
“In 2011, Yale IT deleted the personal information in the database as part of an effort to eliminate unneeded personal information on Yale servers, but the intrusion was not detected at that time,” the university says.
Last week, Yale sent notices of the data breach to impacted members of the Yale community, including alumni/ae, faculty members, and staff members. The university says notices were sent to nearly 97% of the individuals affected, but that it has yet to acquire a verified current address for the remaining 3%.
In a letter (PDF) to the State of New Hampshire Attorney General, Yale also revealed that the same server was hacked a second time between March 2016 and June 2018. The intrusion resulted in the compromise of the names and Social Security numbers of 33 individuals, none of whom reside in New Hampshire.
Yale claims that there is no indication that the compromised information has been misused. However, it decided to offer identity monitoring services at no cost, to help users guard against identity theft.
Because the intrusion occurred a decade ago, there is no information on how the attackers hacked the server. Yale also says that “it is not feasible to determine the identities of the perpetrators.”
Related: HR Services Firm ComplyRight Suffers Data Breach
Related: Timehop Data Breach Hits 21 Million Users
More from Ionut Arghire
- Organizations Worldwide Targeted in Rapidly Evolving Buhti Ransomware Operation
- Google Cloud Users Can Now Automate TLS Certificate Lifecycle
- NCC Group Releases Open Source Tools for Developers, Pentesters
- Memcyco Raises $10 Million in Seed Funding to Prevent Website Impersonation
- Apria Healthcare Notifying 2 Million People of Years-Old Data Breaches
- European Cybersecurity Firm Sekoia.io Raises $37.5 Million
- GitLab Security Update Patches Critical Vulnerability
- Android App With 50,000 Downloads in Google Play Turned Into Spyware via Update
Latest News
- Industrial Giant ABB Confirms Ransomware Attack, Data Theft
- Organizations Worldwide Targeted in Rapidly Evolving Buhti Ransomware Operation
- Google Cloud Users Can Now Automate TLS Certificate Lifecycle
- Zyxel Firewalls Hacked by Mirai Botnet
- Watch Now: Threat Detection and Incident Response Virtual Summit
- NCC Group Releases Open Source Tools for Developers, Pentesters
- Memcyco Raises $10 Million in Seed Funding to Prevent Website Impersonation
- New Russia-Linked CosmicEnergy ICS Malware Could Disrupt Electric Grids
