The breach occurred after administrators audited the University's network, according to a breach notification sent out to students. The intruder installed file sharing software on network machines that could have enabled the sensitive information to be filched from the network. Data involved in the breach, which dates back to 1987, includes names, social security numbers and dates of birth.
"These data are now secure, and a forensic analysis of the system has led the university to believe that no one's personal information has been compromised", said Eastern Washington University in a statement. "As a precaution, the university is mailing notification letters to people whose personal data may have been exposed so they can take the appropriate steps to protect themselves from fraud."
The University also set up a security hotline for students, but didn't go so far as to instigate free credit protection. Instead, it merely listed the numbers of credit reporting agencies on its website.
"It's a little shocking because you give your information to the University and it seems like a safe place to store that", said EWU student Drew Henry. "It's scary to know that someone could have your information to access credit, and could use that further down the line."
This is EWU's first reported data breach, but other Universities have suffered their own losses. The biggest university breach to date was reported in June 2008, when 2.2 million billing records were compromised on tapes stolen from University of Utah Hospitals and Clinics.
More recently, 236 000 records were reported stolen from a hacked University of North Carolina server in September. That breach, which reports said may have occurred up to two years prior, involved the data of women enrolled in a mammography study.
And in another breach reported last month, Pennsylvania State University said that 261 records from an archived class list may have been stolen using malware.