California State University officials said today the university’s East Bay information security team has discovered a breach in a web server used to store personal employee information.
Officials said the security breach occurred on Aug. 23, 2013 and was discovered Aug. 11 of this year. The university learned through the subsequent investigation an unknown person broke into a university web server used to store various employment transaction records and some extended learning course information.
Officials said a malicious software tool allowed an unauthorized person to copy a data file containing the full names, addresses and Social Security numbers of 6,036 individuals. The birth dates of 508 individuals were also on the data file.
Officials said no financial, banking, academic or medical information was included on the data file, and the university is not aware of any reports of identity fraud resulting from the breach.
The university has provided written notification to the affected individuals through the mail and is offering them a 12-month membership in a credit monitoring service at the university’s expense.
The malicious files found on the server have been removed, and the server vulnerabilities that led to the breach have been mitigated, officials said.