Ferris State University in Oregon is notifying current and prospective employees and students after a malware injection may have exposed their personal information.
In a letter submitted to the Vermont Attorney General’s Office, John Urbanick, CTO at the university, explained that the university became aware of the breach on July 23. They do not explain when the malware injection actually occurred or how they discovered the problem.
The malware inserted on the computer used to operate the university’s web site potentially gave the attacker access to files on the web server as well as other files that contained names and Social Security numbers.
The letter does not indicate how many people are being notified, and FSU notes that a forensic team called in to investigate found no evidence that information on the web server and in electronic files had been accessed or removed. Nor have they received any reports of problems from students or employees, but since they cannot be sure that there was no access, they are notifying all those whose SSNs were in files that might have been viewable.
Update: WOOD-TV reports:
Letters were sent out Wednesday to about 39,000 people whose names and Social Security information may have been seen.
Another 19,000 letters were sent to current, former and prospective students whose names and student ID numbers may have been seen. Students may request an ID number change at the Ferris State website.