"It is our highest priority to notify those who may be affected by this security breach," said university President William Powers Jr. in a release. "We have notified the attorney general and his Internet enforcement unit and are doing everything we can to protect those whose information has been accessed unlawfully."
The security violation was discovered late Friday, April 21, said the university, and the university has devoted all available resources to identify the extent and source of the breach. Some of an estimated 197,000 records were accessed.
An investigation has determined that information from the business school's computer system was obtained as early as April 11, including some Social Security numbers and possibly other biographical data, including those of alumni, faculty, staff and current and prospective students of the business school as well as corporate recruiters.
A similar security breach took place in 2003. Former student Christopher Phillips was found guilty of accessing protected computers without authorization and possession of stolen Social Security numbers. It was determined that the information accessed from the university's databases was not disseminated or used to anyone's detriment.
The business school has created a Web page to help people potentially affected by the theft of information. Letters and e-mails will be mailed to individuals who were directly affected, with detailed information about their records and recommendations on how to protect themselves from identity theft. Notification will also be sent to those whose information was stored on the same system, even though their Social Security numbers were not accessed. In its communications, the university will not request personal information electronically. The university cautions that if people receive e-mail, even if they appear to come from the university, do not disclose personal information.
University officials will release updates to affected parties and the news media as further information develops.