University of Virginia Data Breach

The University of Virginia (UVa) has acknowledged that data breaches exposed personally identifiable information of approximately 6,000 current and former faculty members. The data include names, dates of birth and Social Security numbers (SSNs). The breaches occurred between May 2005 and April 19, 2007. The system in question was accessed no fewer than 54 times over the nearly two-year period. The breach was discovered while UVa was in the process of switching from SSNs to university-issued ID numbers as unique identifiers. The data were not in a place where one would normally stumble across them by accident; the attack was likely purposeful. Current faculty members have been apprised of the situation; former faculty members are being notified by mail and email. The breach affects individuals who worked as UVa faculty between 1990 and 2003 as well as current faculty members. Some records may have contained additional data, including dates of hire, tenure status, addresses and places of birth. The FBI, the UVa police department and the UVa IT department are investigating the incident.