A more than three-month old intrusion into networks at the University of South Carolina may have compromised the personal information of some 34,000 individuals associated with the school’s College of Education.
The breach might have exposed names, addresses, and social security numbers of students, staff, and researchers associated with USC College of Education dating back as far as 2005, Bill Hogue, the vice president for information technology at USC, told South Carolina’s largest daily, The State.
While the school learned of the breach on June 6, it is unclear exactly when the attack took place or where it came from, although the report indicates it originated “overseas.”
USC claims there is no reason to believe that any sensitive data was actually accessed on the servers, but is warning anyone whose data could have been accessed so they can monitor their credit reports for suspicious activity. However, in contrast to what has become the norm for such intrusions, USC is not offering to foot the bill for credit monitoring services for those potentially affected, a decision that is drawing heat from at least on consumer rights advocate.
Beth Given of the Privacy Rights Clearing House is urging USC to pay for credit monitoring services to anyone whose information was on the compromised server, called the university’s data-breach track record “dreadful,” and questioned why the institution waited 11 weeks to go public with the breach and how exactly they are sure that no one’s data was actually accessed.
The State reports that this incident, though it may be the largest, is by no means isolated. In the six years since 2006, USC has been the victim of several data breaches, spilling 81,000 records belonging to students and employees.
For their part, Hogue said he understands criticism surrounding the notification delay, but justified it by saying the university “favored being as accurate and comprehensive as possible.” He went on to tell The State that the school has been targeted by botnets 280 times and that more than 55,000 devices attempt to access their network on any given day.
The school’s interior investigation is ongoing.