Western Connecticut State University Data Breach (2009)

Western Connecticut State University on Thursday said that a database vulnerability on a system housing sensitive personal information resulted in approximately 235,000 individuals being exposed. The vulnerable server maintained records collected by the university over a 13-year period, and was said to be vulnerable from April 2009 to September 2012. Exposed information included names, addresses, social security numbers, and/or financial account information provided in association with transactions with the university. The information was gathered in several ways, the University said, including when prospective students applied to the university, when filled financial aid forms were filled out, or when the university purchased lists of items like SAT scores. The vulnerable information dated back to 1999, the University said.