The IT staff at Iowa State University have disclosed a data breach involving five departmental servers on campus. In a notice to existing and former students and staff, the IT staff at Iowa State University disclosed a data breach on Tuesday, which impacted five departmental servers on campus.In their disclosure, the university said that investigations into the incident revealed that the compromised servers housed Social Security Numbers for 29,780 students enrolled at the school between 1995 and 2012.The good news is that investigators don’t believe the data was accessed by the person(s) who compromised the server.It’s believed that the primary objective of the attackers was to use the compromised servers to mine for Bitcoin, which would require a decent amount of processing power – something these servers could provide. According to the school’s report, the five compromised servers are network-attached storage devices made by Synology. Other Synology users have reported similar attacks, where the person(s) responsible have attempted to use them for Bitcoin mining.The compromised servers held data on those who took classes in Computer science (1995-2005); World languages and cultures (2004, 2007, 2011-2012); Materials science and engineering (one class only in ENGR101 in fall 2001 and MATE214 in spring 2001); two other servers were also breached, but they didn’t contain any personal information. “Out of an abundance of caution, the university has decommissioned, removed from the Internet and destroyed compromised servers. Other servers of the same type are no longer accessible through the internet, have received software updates to prevent hacking, and will be replaced as soon as possible,” the report noted.However, because the data was exposed (access or not), the university has started the notification process. Students impacted will be contacted by USPS this week. In addition to the Social Security Numbers, the university is also contacting 18,949 students whose university ID numbers were located on the breached servers.Those IDs are only used for school authentication along with a password, so there is no financial risk involved, a statement from Senior Vice President and Provost, Jonathan Wickert, explained.“We don’t believe our students’ personal information was a target in this incident, but it was exposed. We have notified law enforcement, and we are contacting and encouraging those whose Social Security numbers were on the compromised servers to monitor their financial reports,” the statement adds.Students with exposed Social Security Numbers are encouraged use the free credit monitoring and identity protection offered by the school, which is being managed by AllClear. The school will cover up to two years of monitoring. Related content news Gwinnett Medical Center investigating possible data breach After being contacted by Salted Hash, Gwinnett Medical Center has confirmed they're investigating a security incident By Steve Ragan Oct 02, 2018 6 mins Regulation Data Breach Hacking news Facebook: 30 million accounts impacted by security flaw (updated) In a blog post, Facebook’s VP of product management Guy Rosen said the attackers exploited a flaw in the website's 'View As' function By Steve Ragan Sep 28, 2018 4 mins Data Breach Security news Scammers pose as CNN's Wolf Blitzer, target security professionals Did they really think this would work? By Steve Ragan Sep 04, 2018 2 mins Phishing Social Engineering Security news Congress pushes MITRE to fix CVE program, suggests regular reviews and stable funding After a year of investigation into the Common Vulnerabilities and Exposures (CVE) program, the Energy and Commerce Committee has some suggestions as to how it can be improved By Steve Ragan Aug 27, 2018 3 mins Vulnerabilities Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe