Minnesota-based Metropolitan State University announced that approximately 160,000 current and former students, as well as 900 faculty members, were impacted in a “likely” December 2014 breach that was identified in January.
The university announced in January that an attacker may have breached its web server and accessed a database.
According to a Tuesday release, the exposed student data varies, but included demographic, personal and academic information. For 900 faculty members, Social Security numbers were likely exposed, and for 11,000 students, the last four digits were likely exposed.
All affected individuals are being notified, and those with Social Security numbers potentially exposed are being offered identity theft protection services.
“Metropolitan State University IT quickly disabled the vulnerability that permitted the breach and replaced the affected server,” according to a FAQ. “The university also completed additional security measures to minimize future security risks.”