We know that approximately 5% of data breaches take years to discover. Just this month, for example, the City College of San Francisco discovered an "infestation" of computer viruses that have been leaking data for more than a decade. The investigation of the initial security flag found that an infestation of computer viruses had been lurking on college computers since 1999. Not all systems have yet been analyzed.
According to what is known already, each night several viruses would troll college networks and transmit data to sites in Russia, China and several other countries. Computers all across campus have been infected and it is likely that personal computers and data devices connected to the college network in the last 10 years have also been affected.
"We may never know the full extent of the damage, and how many lives have been affected by this," CTO Hotchkiss told three college trustees Thursday evening who met to discuss school buildings and technology issues. "These viruses are shining a light on years of (security) neglect."
The college is currently attempting to trace the extent of the breach and will attempt to notify affected individuals.
According to the news report, the City College of San Francisco was particularly lax in its security policies. For example, passwords for computer systems had not been changed in more than 10 years and that both technologies and policies for protecting information were years in arrears.