Western Connecticut State University has begun notifying students, their families, and individuals who had other associations with the university that their personal information may have been exposed to unauthorized access by a computer system vulnerability.
The vulnerability existed from April 2009 to September 2012 and potentially exposed information, including Social Security numbers, of about 235,000 people whose records were collected by the university over a 13-year period.
Although WCSU has found no evidence that records were inappropriately accessed, to protect those potentially affected, Western is offering up to two years of ID theft protection at no cost through AllClear ID.
When he became aware of the issue on Sept. 26, 2012, WCSU President James W. Schmotter immediately activated the Board of Regents security incident response plan.
The BOR Information Security & Policy Office conducted an investigation to determine what happened and identify and remediate security vulnerabilities campus-wide. The university also informed the Connecticut Attorney General’s office of the issue.
Since discovery of the exposure, the university has dramatically increased its information protection capacity with new layers of protection. The university will continue to assess and improve all aspects of its information security.
All those affected will receive notification through the postal mail. In addition, Western has set up a searchable database that contains the names of all affected individuals.