More than 1,800 University of California (UC), Irvine, students, as well as nearly two dozen non-students, are being notified that their unencrypted personal information may have been compromised after keylogger malware was discovered to have been on three Student Health Center (SHC) computers for about six weeks.
How many victims? An investigation is ongoing, but it is estimated that 1,813 students and 23 non-students were impacted.
What type of personal information? Names, addresses, phone numbers, student ID numbers, non-student patient ID numbers, health and dental insurance policy ID numbers, bank names and check numbers for services paid by check, amount of payment received by SHC for services rendered, Current Procedural Terminology descriptions and codes, and ICD-9 codes and diagnoses.
What happened? The California Information Security Office (CISO) notified UC Irvine that one of the computers in the SHC had been infected by malware. An investigation then revealed that three computers had been infected with keylogger malware for about six weeks.
What was the response? The three infected computers were taken down from the network. SHC employees were required to change their passwords. A report was filed with law enforcement and an investigation is ongoing. Regularly performed campus-wide reviews of data security practices are being expanded and all SHC computers are being upgraded with anti-virus and other security programs. All impacted individuals are being notified and offered a free year of monitoring services.
Details: CISO notified UC Irvine on March 26 that one of the SHC computers contained malware. The infection lasted from Feb. 14 to March 27. The malware sent the unencrypted information to an IP address outside the UC Irvine network.
Quote: “We have no indication that the data [has] been fraudulently used,” according to a statement emailed to SCMagazine.com on Thursday.
Source: A statement emailed to SCMagazine.com on Thursday.