WestConn Security Breach Exposed 235,000 Personal Records

DANBURY, Conn. – The personal computer records of 235,000 people associated with Western Connecticut State University may have been exposed during a three-year period of security vulnerability, officials announced Thursday.

The records of 235,000 people associated with WestConn may have been compromised during a three-year period of security vulnerability.
Photo Credit: *Flickr user sfllaw*

by Jes Siart

11/29/2012 12:00 p.m.

There is no evidence that the records, which included Social Security numbers, were inappropriately accessed, but the school is still taking precautions to protect those affected, officials said.

The records collected by the university over a 13-year period were vulnerable from April 2009 to Sept. 26, 2012, when the breach was discovered, according to the press release. University officials said they began investigating and remediating the situation as soon as it was brought to their attention.

“We are disappointed that the potential existed to have these records exposed, but we will do everything we can to protect our students, their families and others with whom we have worked,” James Schmotter, president of the university said. “The steps we are taking and the solutions we are offering to every one of those affected are designed to address any problems this situation may have caused.”

Paul Steinmetz, director of university relations said, "The vulnerability resulted from an incorrect setting on a piece of hardware associated with the university.

Computer systems are complicated. This came out through routine maintenance and looking at the systems. Ideally it would have been found sooner.”"

To protect the affected parties, the university has begun notifying them that it will provide up to two years of identity theft protection through AllClear ID, according to the press release. The potentially affected individuals include students, their families and high school students whose SAT scores were purchased by WestConn. The university has provided a searchable database of affected individuals at https://www.wcsu.edu/securityincident/default.asp.

The university conducted an investigation through the Board of Regents Information Security and Policy Office and also notified the state Attorney General’s office about the incident, officials said in the press release. In the wake of the breach, WestConn officials said the university has “dramatically” increased information protection and will continue to improve security.

For more information, visit WestConn’s website or call the AllClear ID hotline at 855-731-6012.

Click here to follow Daily Voice Westport and receive free news updates.