25,000 could be affected by data breach at SSU

[Erica Absetz <eabsetz () opensecurityfoundation org>]

http://www.newburyportnews.com/local/x1533629801/25-000-could-be-affected-by-data-breach-at-SSU

SALEM — The personal information of 25,000 Salem State University
employees may be at risk after one of the college’s computer servers
was infected with a virus.

The university this week notified 25,000 current and former employees
whose information was on the infected server. The breach affects
people who have received a paycheck from the university — from
full-time staff to students who were employed on campus.

“All we know is that there was a virus that could have potentially
compromised (employees personal information),” said Tom Torello, vice
president of marketing and communications at Salem State. “... At this
point we don’t know if anyone’s information has been used in any type
of illegal way, so we don’t know if anyone’s information is out
there.”

Salem State is offering to pay for one year of ID protection services
through Experian for those affected.

A letter was mailed this week to everyone whose information was on the
affected server. If you haven’t been contacted, that means your
information is not at risk, said Torello.

The university has set up a call center to field questions from those affected.

Virus detection software alerted the college to the problem, he said.

“This is unfortunately a very common occurrence now,” Torello said.
“We have excellent systems in place. Hopefully it was detected before
any information was compromised, but you don’t take chances. ... This
is the world we live in.”

Torello declined to say what type of details were on the server,
except to say it was “personal identification information.”

Salem State has roughly 10,000 undergraduate and graduate students. As
of fall 2011, the university had a total of 1,376 full- and part-time
faculty and staff.
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.