A “data security incident” has been confirmed by Auburn University, exposing the personal information of current, former and even prospective students. The data breach was discovered on March 2 after the University learned its servers were made accessible online by accident.
According to a statement by Auburn’s Office of Communications and Marketing (OCM), the information compromised in the Auburn University data breach was a mixture of names, addresses, birth dates, email addresses, academic information and even Social Security numbers. Auburn University’s investigation also discovered the information had been accessible from Sept. 1, 2014 until March 2, 2015.
No information linked to student’s payment cards, banks, or financial accounts were included in this data breach. Auburn University has not released how many students were affected.
While there has been no evidence that the exposed information has been misused, Auburn officials will still be notifying all of the affected parties. Those contacted by Auburn University will be offered two years of free credit monitoring as well as identity theft protection services.
When Auburn University first discovered the data breach last month, officials immediately reached out to IT forensics professionals to identify the cause of the issue, as well as aid in the overall data breach investigation. OCM also confirmed that the University has since secured the compromised web servers and enhanced its past network security provisions.
Auburn’s OCM has also stated that the investigation indicates, “exposure resulted from configuration issues with a new device installed to replace a broken server.”
More information about the Auburn University data breach is being made available through mail notifications, a confidential assistance telephone line and its IT security website, http://www.auburn.edu/itsecurity.