University of Wisconsin hacked: 75,000 social security numbers, student names exposed

The University of Wisconsin is investigating a breach which may have exposed 75,000 social security numbers of students and staff.
Written by Zack Whittaker, Contributor

The University of Wisconsin's Milwaukee campus has been subject to a malware attack, which has exposed names and social security numbers of students -- past and present -- and staff alike.

Malware was discovered on a database server, which contained 75,000 social security numbers, and was shut down immediately after the malware was found.

While law enforcement and school investigators have yet to find evidence that data was stolen, the university sent out a letter to those who may have been affected by the breach.

In a statement, the vice-chancellor -- the university boss -- believes that the motive was theft of research project data; data and research programmes the university itself excels in. Staff found back-door malware, which can scan and view documents on a server, which is used by many of the university's departments to store crucial research.

One of the concerns is that the malware could have had access to other servers, indicating the likelihood of a wider hack.

The malware is thought to have been installed on May 25th, and local and federal law enforcement were called in to investigate. On June 30th, however, it was discovered that the database containing social security numbers was compromised, also.

University officials, via a notice on their website, warn students to monitor their financial information and credit card statements to be on the safe side.

This news comes only days after it was discovered that users' data, including social security numbers -- predictable in nature -- can be taken from sites like Facebook and other publicly government sites.

While data in this case may not have been downloaded -- only exposed to hackers by malware -- it once again calls questions on the data that universities have on its students.

It is, however, another reminder to users of Facebook and other social networking sites not to make birthday and date of birth data available on the web. While though it may be benign on in singular form, hacks like these, which include your full name, make you even more vulnerable to identity theft and bank account hacks more likely.

Related content:

Editorial standards