Tuscaloosa News reports:
The University of Alabama says a 2009 computer security incident involving a server for Brewer-Porch Children’s Center may have exposed some personal information for about 1,400 former clients, employees and medical providers.
In June, staff preparing an old server for disposal discovered unauthorized login activity between Oct. 24, 2009, and Dec. 9, 2009, from outside the United States. The incident could affect any Brewer-Porch client who received services from Brewer-Porch between Sept. 27, 2002, and Dec. 9, 2009, and any employees and medical providers working for Brewer-Porch during that same time period.
Read more on Tuscaloosa News. On a positive note, it sounds like they did a good job of preparing an old server for disposal if they found evidence of a 10-year hack and didn’t try to just cover things up. Kudos to them for disclosing this old incident and for following notification obligations that apply to notify the 727 former clients whose personal and medical information was on the server as well as the 641 former employees and providers whose SSN and other personal and employment-related information were on the server.