Yale University has notified its alumni, staff, and faculty about a data breach that happened 10 years ago.
Yale University is a private Ivy League research university situated in New Haven, Connecticut, United States.
The data breach which took place between April 2008 and January 2009 has compromised the personal details of 119,000 people.
The breach was discovered on June 16, 2018, during a routine security review of Yale servers conducted by the IT team where they discovered a log which revealed the breach.
The hackers were able to gain access to the Yale University database and steal sensitive information such as names, social security numbers, date of birth.
In some cases, email addresses and physical address were also stolen, and no financial information were stolen in the breach
In 2011, the university deleted the personal information compromised in the breach from their database as part of the data protection program, and still, data was not detected.
The database was once again accessed by an unknown attacker between March 2016 and June 2018.
Even Though the breach was detected in June, the university notified alumni, staff, and faculty about the breach after a month on July 26 and 27.
Yale said as the breach occurred long ago they don’t have more information about the breach and there was no indication of any misuse of stolen data till now.
Zach Seward, chief product officer and executive editor at Quartz who is a victim of yale breach said in a Twitter post that “Got a letter from Yale saying that hackers obtained my social security number from the university. My one and only interaction with Yale was applying to attend there in 2002. Yale says the breach happened in 2008 or 2009 and was discovered last month. Data have nine lives.”