163k individuals affected in Butler Uni data breach

Get a copy of the upcoming book "Secure Operations Technology"

Personal and financial information of some 163,000 students, alumni, faculty, staff, and past applicants of Indianapolis-based Butler University have been stolen following a hack of the university’s computer network.

According to the breach notification letter sent to (potentially) affected individuals, the intrusion was discovered only after California law enforcement agents contacted the university on May 28 and shared with them the details of their latest catch: a suspect in an identity theft investigation had on him a flash drive containing the personal information of certain Butler University employees.

The university immediately launched an internal investigation and hired an outside computer forensics firm to do the same.

The investigations revealed that the University’s network was breached sometime between November 2013 and May 2014, and the hacker(s) had access to files containing names, dates of birth, Social Security numbers and bank account information of 163,000 individuals affiliated with the educational institution.

A university spokesperson has confirmed that the arrested individual was not in any way connected with the university, and that the attackers were not insiders.

According to the IndyStar, former students that have graduated as far back as 1983 have been affected by the breach.

The university has offered all affected individuals a year of complimentary credit monitoring, and has urged them to place a “fraud alert” on their file.