The University of Delaware’s IT system was hacked and the school is now notifying its campus community about the cyberattack.
UD says files containing confidential personal information of current and past employees, including student employees, were taken on or about July 17, 2013. The university discovered the cyber security breach about a week ago during routine systems maintenance, and sent out notification letters and emails, dated July 29, 2013, to more than 72,000 affected persons offering free credit monitoring, almost two weeks after the fact.
“We are still determining the scope of the breach and did not want to make any public announcements before we could alert those affected,” said Director of Public and Media Relations John Brennan. “We also wanted to be sure that all of the resources to assist them were in place.”
UD says it took immediate corrective actions and is working closely with the FBI and a private computer security firm as it continues to investigate where the breach may have come from. The school is also taking steps to protect itself from future cyberattacks.
Taking advantage of a vulnerability in the software used on campus, the university says several dozen other companies, agencies and organizations using the same software have also fallen victim to similar attacks.
Meantime, the IT department has set up a frequently asked questions page for affected individuals.