University of Virginia subcontractor breach puts student data at risk

The Office of Student Affairs of the University of Virginia reported a security breach involving 3rd Millennium Classrooms, a company that offers online courses to numerous colleges and universities across the U.S. This breach reportedly compromised student and alumni data.

While the University's internal systems remained unaffected, some students' names and their associated University email addresses were leaked due to this breach. The compromised data is connected to 3rd Millennium’s provision of mandatory online drug and alcohol awareness modules, which are annually taken by active students of the University.

Of the compromised accounts, a few reportedly contained potential last four digits of SSNs (Social Security Numbers). Yet, there are no current signs suggesting that any complete social security numbers were leaked.

Approximately 24,000 accounts linked to University email addresses were present on the breached system. The exact number of compromised accounts remains uncertain at this time. As a protective measure, the University highlighted, “All account holders affiliated with U.Va. have been alerted, irrespective of whether their data was exposed or not."

The University also clarified that 3rd Millennium was never granted access to the University's broader information systems. The data shared with 3rd Millennium by the University was strictly limited to student names and email addresses for the purpose of accessing training modules. Any additional data the company might have had would be the result of direct student input.