The names and social security numbers of about 9,800 students, alumni and applicants of private research Syracuse University in New York state have leaked.
The breach, by way of someone gaining unauthorised access to an employee’s email account, happened between 24 and 28 September last year, but has only just been made public by the university’s student-run newspaper, The Daily Orange.
Learning of the leak, university authorities secured the account and investigated the incident with the help of a computer forensics firm.
On the conclusion the university sent a letter to affected students. In it Steven Bennett, senior vice-president for international programmes and academic operations, wrote it is putting in more resources for cybersecurity training and giving additional phishing training for employees with access to personal information.
A Syracuse spokeswoman said: “To date, we are unaware of any misuse of the information maintained in the employee’s email account, nor do we have any evidence that private, personal information was actually viewed.”