Virginia Tech has learned that a computer server in the Department of Human Resources was illegally accessed on August 28, 2013. A VT spokesperson informs DataBreaches.net that the illegal access was from outside the school an IP address in Italy.
The server contained information about 144,963 individuals who used the institution’s online employment application process to apply for jobs at Virginia Tech between 2003 and 2013.
As a result, individual information from job applications may have been illegally accessed. No credit card, date of birth, or social security information was compromised for any job applicant.
The online application does ask applicants to “indicate your professional licenses, certificates, or other authorizations to practice a trade or profession”. In response to that question (and an earlier version of that question on previous applications), 16,642 of the 144,963 job applicants provided their drivers license number
Virginia Tech has contacted all 16,642 individuals to let them know their driver’s license number may have been illegally accessed.
For the remaining 128,321 applicants, the only items that may have been exposed are standard employment applicant information. Faculty applicants are asked to provide minimal information on the online application, so no employment or education history was on the server. For staff applicants, employment and education history was on the server. Applicants typically attach documents (resumes, for example) to their online application. No attached documents for any of the 144,963 individuals were on the server.
This notification is being made because under state code, driver’s license numbers and employment history are considered protected personal information.
“Virginia Tech deeply regrets that this occurred and is taking appropriate steps to address and correct the situation to prevent it from happening again,” said Hal Irvin, associate vice president for Human Resources.
More information about the questions on Virginia Tech’s employment application, along with the steps you might take should you have concerns, is available online.
SOURCE: Virginia Tech
Didn’t they use some sort of high-end protect to prevent this breach? I hope that they learn from this.