The Georgia Institute of Technology has revealed a data breach which has potentially exposed information belonging to 1.3 million employees and students.
This week, Georgia Tech said the security failure occurred due to a web application which was vulnerable to outside entry.
An unknown threat actor managed to access a database connected to the application. The database contained personal information belonging to "some current and former faculty, students, staff and student applicants," according to the academic institution.
Names, addresses, Social Security numbers, and dates of birth may have been exposed.
However, reports suggest that the institute's current enrollment is just under 27,000 students, and so the data breach may have included years' worth of historical data to reach over one million records.
Georgia Tech was made aware of the incident in late March after developers noticed a "significant performance impact."
A vulnerability believed to be at fault has since been patched. The app is now also being checked for additional security weaknesses.
An investigation is underway and both the US Department of Education and the University System of Georgia have been notified.
"Georgia Tech is committed to the privacy and security of its personal data and deeply regrets the potential impact on those affected," the institute says.
Georgia Tech says those whose data is involved in the breach will be "contacted as soon as possible regarding available credit monitoring services," -- although whether or not these systems, which can alert users to suspicious activity, will be offered for free is not made clear.