The University of Chicago breach reported on this site in January and February has now been reported to at least one state attorney general. The breach involved a database belonging to the Biological Sciences Division.
In a copy of their notification letter, submitted to the Vermont Attorney General’s Office, Dr. Everett Vokes, Chairman of the Department of Medicine, and Kenneth Goodell, Executive Director of the department, write that the school became aware of the breach on January 22nd. That date corresponds to when DataBreaches.net first sent them an email to alert them to the breach.
Their investigation revealed that the database contained records related to current and former employees, contracted employees, and students who were at one time affiliated with the Department of Medicine.
In response to the breach, the university restricted access to the database and retained forensics experts, who determined that the types of personal information involved included names, Social Security numbers, employee identification numbers, employee usernames, gender, and marital status. “In addition,” Vokes and Goodell write, “some individuals’ work and/or personal addresses were exposed.” Bank account information was not contained in the affected database.
The University is offering those affected a one-year membership in Experian’s ProtectMyID Elite, and has arranged for a dedicated hot-line at Experian to answer any questions those affected might have.
Update: A link to February coverage was added post-publication.