Purdue University informed 7,093 former students on Monday that their Social Security numbers may have been stolen from servers at the University on April 5, 2010. The notification comes 16 months after the discovery of the breach.
According to the (Indiana) Journal & Courier, the server contained 6.6 million nine-digit numbers in the accessed files. After spending six months analyzing those numbers, Purdue determined that approximately 65,000 of those number combinations could be Social Security numbers. An additional four months was spent reanalyzing the numbers and performing forensic analysis. Based on those efforts, the University had matched 7,093 of those number combinations to Social Security numbers of former students.
The breach was discovered only three days after it occurred, approximately April 8, 2010. Fourteen months after discovery of the breach, Purdue notified the Office of the Indiana Attorney General. Now, approximately two months later, the affected former students were notified.
Purdue did not offer any sort of credit monitoring and, instead, recommended to those affected to be vigilant and keep and eye on their credit activity.
The announcement by Purdue comes on the heals of an announcement by The University of Wisconsin-Milwaukee on August 10th that 75,000 of its students had been exposed to a hacking incident in May 2011, as reported earlier here.
While the delay of three months may have seemed excessive last week, at least UWM beat Purdue's delay by almost 14 months.