Clark University in Massachusetts began notifying some students whose personal information, including Social Security Numbers, were in an employee’s email account that had been accessed.
According to their notification dated July 20, the university’s investigation revealed that an unauthorized individual could have accessed the employee’s email account between March 19 and March 23rd.
From the wording of the letter, it appears that one employee fell for a phishing attack.
Those notified were offered one year of Experian’s Identity Works product, with the university noting that to date, it had no evidence of any misuse of the personal information.
The number of students affected by the attack was not disclosed.