A data breach at eight Cal State campuses — including three in Los Angeles County — has exposed the personal information of nearly 80,000 students enrolled in an online sexual violence prevention course, it was reported today.
The Cal State system had hired the vendor We End Violence to provide the noncredit class on sexual harassment, which is required of all students under state law. Students who took the training with that company had their data hacked, the Los Angeles Times reported, quoting officials.
Two other vendors were also providing the classes but the data of students in those classes were not compromised, Cal State spokeswoman Toni Molle told the newspaper.
Cal State officials said they had few details on how the hack occurred, other than there was a “vulnerability in the underlying code.” Cal State has hired a forensics firm to investigate.
Information such as passwords used to log into the class, as well as sign-in names, campus-issued email addresses, gender, race, relationship status and sexual identity were exposed. But identifying information such as Social Security, credit card and driver’s license numbers was not compromised, Molle told The Times.
Campuses involved are Channel Islands, Los Angeles, San Bernardino, Maritime Academy, Cal Poly Pomona, Northridge, San Diego and Sonoma.
All affected students were advised to immediately change their passwords. Also, a toll-free hotline was created for students’ questions, (877) 218-2930.
