The Cavalier Daily
Serving the University Community Since 1890

Student and alumni data subject to information security breach

The compromised system contained information for about 24,000 associated with University email addresses

This is not the first data breach of the year, as the University was the target of a cyberattack June 1
This is not the first data breach of the year, as the University was the target of a cyberattack June 1

Student and alumni information housed in 3rd Millennium Classrooms, a company that administers online courses to colleges and universities across the country, was subject to a recent security breach per an email sent by the Office of Student Affairs Wednesday afternoon. 

The Office of Student Affairs maintained that no University information systems were harmed in the breach. However, the names and University emails of some students were disclosed as a result of the data breach. 3rd Millennium provides the online alcohol and drug awareness models to the University. These modules are required, and are completed annually by current University students. 

University’s Deputy Spokesperson Bethanie Glover said in an email statement to The Cavalier Daily that the compromised system contained information for about 24,000 accounts associated with University email addresses, but it is unclear how many were compromised. 

“While we don't know how many of those records were disclosed in the breach, we sent messages to all of the U.Va.-affiliated account holders as a precaution,” Glover said in the email. 

Glover also affirmed that 3rd Millennium did not have access to University information systems. The University provided 3rd Millennium with names and email addresses of students needing access to training modules. Any further information in 3rd Millenium’s possession regarding University users would have been provided by users.

Glover said that a small number of University-affiliated accounts contained what may be the last four digits of an SSN, but there is currently no indication that more sensitive information — like social security numbers — were disclosed.

“That information was not provided to the vendor by the University, and the vendor indicates that it did not solicit that information as part of its services,” Glover said. “There is no indication that the vendor was in possession of full social security numbers for University account holders.”

This is not the first data breach of the year, as the University was the target of a cyberattack June 1 — the University required students to reset their academic passwords as a precautionary measure following the incident. 

The Office of Student Affairs has urged students to contact abuse@virginia.edu if anyone makes contact with them regarding the incident at 3rd Millennium. 

Local Savings

Comments

Latest Video

Latest Podcast

With Election Day looming overhead, students are faced with questions about how and why this election, and their vote, matters. Ella Nelsen and Blake Boudreaux, presidents of University Democrats and College Republicans, respectively, and fourth-year College students, delve into the changes that student advocacy and political involvement are facing this election season.