California State University Breach Impacts 79,000 Students

A data breach that occurred through a third-party vendor has exposed personal details of nearly 80,000 California State University students; University officials have revealed.

A data breach targeting eight California State University (CSU) campuses has exposed the personal information of 79,000 students enrolled in an online course for sexual violence prevention, the Los Angeles Times reports.

Related Article: 8 Colleges Impacted in Harvard Data Breach

The CSU Chancellor’s Office in Long Beach, California confirmed the breach in a statement.

“Protecting student data and personal information is a top priority of the California State University (CSU),” read a statement issued by the chancellor’s office.

“As soon as it was learned that student information was exposed by a third-party vendor (hired to provide Web-based sexual assault and prevention training), immediate action was taken at the eight impacted campuses to further safeguard student information.”

Yet Another University Breach

The breached personal information from nearly 80,000 students includes:

  • Gender
  • Sexual orientation
  • Mailing addresses
  • Email information
  • Relationship status

The affected campuses in the breach include:

  • Cal State Northridge
  • Cal Poly Pomona
  • Cal State Los Angeles
  • Cal State San Bernadino, among others.

CSU spokeswoman Toni Molle added that officials have few details on how the hack occurred. Currently, all signs point to a “vulnerability in the underlying code.”

Related Article: Rutgers University to Spend $3 Million on Cybersecurity

Molle added that personal information such as Social Security, driver’s license numbers and credit card information were not compromised.

CSU confirmed that it had hired a Digital Forensics firm to conduct an investigation into the breach.

Carol Mosley, director of ‘We End Violence’, the vendor of the noncredit class on sexual harassment, was first notified of the possible breach on 24 August. Mosley confirmed that the website was shut down two days after the breach, but the students were not informed by the company, until recently.

“We were working as quickly as we could and had to be sure we had the correct student list and that the CSU system was aware of what was going on … so they could provide their own responses,” Mosley added.

“We believe in shutting down the website on the 26th we were protecting students at that point.”

Students are advised to change their passwords immediately. Furthermore, a toll-free hotline is up for any queries regarding the breach at (877) 218-2930.