Twenty-five thousand current and former staff and student workers at Salem State University may have had their personal information compromised after a virus infiltrated a school database, officials said.
Though the school is not aware of anyone’s data being used maliciously, the administration determined it was best to notify all parties possibly involved, said Tom Torello, vice president of marketing and communications.
“We just wanted to be careful and let them know the possibility is out there that their information could have been compromised,” he said.
The school’s virus software detected the Feb. 19 breach as it occurred, Torello said. Once detected, the school brought in forensic experts to address the breach; the school then notified those affected, he said.
A letter from the university president was sent March 11 to all 25,000 people with information in the computer database, which is run through the university’s human resources department, Torello said.
He said that to the best of his knowledge, the database includes only current and former staff and student workers.
Brian Shaughnessy, a 1984 Salem State master’s program graduate, received the letter from the president in the mail Thursday. He said he did not recall working at the university, nor ever applying for a job there.
“With all that’s been in the news lately, it’s unsettling to receive a letter like that,” Shaughnessy said.
Torello said Salem State worked with Experian, a credit information company, to provide an identity protection subscription free for a year to those affected and to help them assess further steps to protect their personal information. Experian did not immediately return a call for comment Friday afternoon.
Shaughnessy, a Kennebunk, Maine resident, said he was considering registering for the identity protection program.
Though it appears no one’s information was compromised by the data breach, Torello recommended enrolling.
“This is such a common occurrence,” he said. “Salem State’s just one of the ones on the long list” of organizations falling victim to data breaches.”
Lauren Dezenski can be reached at lauren.dezenski@