Western Connecticut State University is notifying 235,000 people their records, including social security numbers and other personal information, were insecure on its computers for three years and four months. WCSU said it has found no evidence that records were inappropriately accessed.
The affected group includes students, their families and those who had other associations with the university, as well as high school students whose SAT scores were purchased in lists, a common practice in higher education.
The vulnerability existed from April 2009 to September 2012 and potentially exposed information, including Social Security numbers, of about 235,000 people whose records were collected by the university over a 13-year period.
Although WCSU has found no evidence that records were inappropriately accessed, to protect those potentially affected, Western is offering up to two years of ID theft protection at no cost through a company named AllClear ID.
Everyone in the affected groups will receive a letter explaining the protection being offered and the steps they may take to access AllClear ID services.
Since discovery of the exposure, the university has dramatically increased its information protection capacity with new layers of protection. The university will continue to assess and improve all aspects of its information security.
