Dive Summary:
- The University of Delaware discovered a July 17, 2013, server breach during "routine systems maintenance" performed by IT on July 22.
- Files stolen included confidential personal data for as many as 72,000 current and past employees, including student employees.
- The university says a hacker exploited a vulnerability in an unpatched version of Struts2 and that the same server hosted part of a Web site used by students to pay bills; it isn't clear whether additional student information was stolen.
From the article:
... The university reported that it "took immediate corrective actions" and is working with the Federal Bureau of Investigation as well as security firm Mandiant to investigate the causes and scope of the attack. The institution has sent notification letters to "more than 72,000 affected persons." It has also offered them free credit monitoring. About a third of those recipients also have active campus email accounts and have been sent email notifications as well. ...