ale university has recently disclosed a data breach that took place between 2008 and 2009. On July 26th and 27th, Yale notified their faculty members, alumni, and other staff that were believed to have been affected. An attacker successfully exfiltrated names, birthdates, and social security numbers of 119,000 individuals. Some of the victims had their Yale university email addresses and physical address stolen as well. It is believed that no financial information was stolen in the breach. According to researchers, “in 2011, personal information was deleted from the database as part of an updated data protection mandate, but the intrusion was still not detected.” The breach was not discovered until June 16th of this year during a routine check of servers and systems. After further investigation, Yale noticed that the database had been breached again between March 2016 and June 2018, and the attacker stole names and social security numbers of 33 individuals. There has been no indication that the stolen data is for sale on any darknet forums.
