The University of Central Florida revealed on Thursday that the Social Security numbers of some 63,000 current and former students, staff and faculty members were compromised last month in a massive data breach.
UCF President John Hitt said in a statement that the school became aware of an “outside intrusion” in early January and immediately reached out to law enforcement.
Officials learned soon after that the breach had affected the personally identifiable information of more individuals that previously thought, and the FBI is now conducting an investigation in hopes of identifying the person or persons who gained unauthorized access to the database, the Orlando Sentinel reported.
Mr. Hitt said that “approximately 63,000 current and former UCF students and staff and faculty members” were affected by the breach, but he said investigators believe that only Social Security numbers were accessed and not any other sensitive information, like financial, medical or academic data.
The school went public with the breach on Thursday after an national digital forensics firm completed a thorough investigation of the incident, Mr. Hitt said.
“It’s an extremely hard situation for folks like UCF to be in,” Von Welch, the director of Indiana University’s Center for Applied Cybersecurity Research, told the Orlando Sentinel. “They have the large databases. … All it takes is one mistake for hackers to exploit. If you’re anything less than perfect, these hacks can occur.”
Roughly 600 current student-athletes had their details compromised in the breach, although UFC employees who worked at the school as far back as the 1980s had their personal information accessed as well, the Orlando Sentinel reported.
Others affected include graduate assistants; housing resident assistants; adjunct faculty instructors; student government leaders; and faculty members who were paid for teaching additional classes, the school said.
“Safeguarding your personal information is of the utmost importance at UCF,” Mr. Hitt said in the statement. “To ensure our vigilance, I have called for a thorough review of our online systems, policies and training to determine what improvements we can make in light of this recent incident.”
The school said it will start notifying victims on Friday and will provide free credit monitoring and identity-protection services to individuals affected by the breach.
Federal agents at the FBI’s field office in Jacksonville have notified all colleges in the U.S. about the breach “in an effort to identify other potential victims,” but they didn’t elaborate further, the paper reported.
Research firm Trend Micro said last year that data breach incidents within the education sector have declined in recent years, possibly as hackers shift focus to targets containing more lucrative data, like computer systems used within the health care and retail industries.
Hacking or malware attacks, unintended disclosures and loss of theft were behind 94.5 percent of all data breaches to affect the education sector since 2005, with personally identifiable information, including Social Security numbers, being compromised around eight out of 10 times.