Information technology staff at Iowa State University have discovered a breach affecting five departmental servers on campus. An extensive analysis has revealed the compromised servers contained Social Security numbers of 29,780 students enrolled at Iowa State between 1995 and 2012. There is no evidence that data files were accessed, and there was no student financial information in the records. It appears that the intent of the person(s) responsible for the hacking was only to access the computing power in the servers and not to steal personal information.
College of Business servers were not affected by this breach. However, College of Business students or alumni who took classes in the areas in the following areas may have been affected:
- Computer science from 1995-2005
- World languages and cultures in 2004, 2007, and 2011-2012
- Materials science and engineering – one class only in ENGR101 in fall 2001 and MATE214 in spring 2001
The university ID numbers of an additional 18,949 students were on the compromised servers, but this information has no use beyond the ISU campus and does not pose a financial threat to those affected.
Students and alumni directly affected by this breach will be contacted with further details and instructions. The university has also set up a web site with information and FAQs concerning the data breach (web.iastate.edu/serverbreach). College of Business students or alumni who were affected or think they may have been affected should refer to this page for more specific details.