Social Security Numbers Exposed in Data Breach at University of Chicago

The duration of the breach has not been disclosed

  Vulnerability that permitted the breach has been closed

A cyber intrusion affecting the University of Chicago resulted in social security numbers and other personal information being exposed to an unauthorized party.

The educational institution learned about the compromise on January 22, 2015, and deployed immediate action to plug the security hole. It is unclear if the breach on said date or at an earlier time.

During the ensuing investigation it was discovered that the exposed database contained data belonging to current and former employees, contracted employees and students affiliated with the Department of Medicine.

The information accessed by the unauthorized party included names, social security numbers, employee identification numbers, usernames, gender and marital status.

In a letter to impacted individuals signed by John Ultmann, Professor-Chairman, and Kenneth Goodell, Executive Administrator, both at the Department of Medicine, it is disclosed that partial work and personal emails of some individuals also fell into the hands of the hackers.

The representatives of the university say that no financial information was present in the compromised database. However, given that social security numbers were exposed, there is the risk of identity theft.

To reduce the danger, the university offers free identity protection for one year to all impacted individuals. All the details on how to activate the service and recommended preventive action against fraud attempts is available in the letter.

The number of affected individuals remains undisclosed.