SAN FRANCISCO (AP) — The computer networks of a San Francisco community college have been infected with software viruses that illegally transmitted personal data from students and employees overseas, school officials said Friday.
Administrators for the City College of San Francisco found the rogue software, known as malware, in a computer lab over the Thanksgiving weekend. They determined the problem was widespread and that such viruses had been lurking in its computers for more than a decade.
"We looked in the system and discovered these things were all over the place," John Rizzo, president of the college's Board of Trustees, told The Associated Press.
The security breach, which was first reported Friday by the San Francisco Chronicle (http://bit.ly/xIsyh9 ), could affect up to 100,000 students who take classes at campuses across the city each year. The school has about 3,000 employees.
The college has begun notifying students, faculty and staff that their personal data may have been compromised, officials said. No cases of identity theft have been linked to the breach so far, and no victims have come forward, they said.
The malware, which is commonly used by organized crime to steal personal data, had recorded keystrokes and took screen shots to capture user information and sent the data to China, Russia and other countries, Rizzo said.
Every day after 10 p.m., at least seven viruses were trolling the school's networks and sending data to sites abroad, officials said.
"We don't know the extent to which data was captured," Rizzo said. "We don't know if individuals were affected, if they had data stolen that has affected them. But the potential is there."
He said there was no evidence that the community college had been specifically targeted by hackers. Administrators did not know how the school's networks became infected by the viruses.
Officials said the school was removing the malware from its servers and computers. College officials said they were working on strengthening network security but urged students and staff to avoid online activities on campus computers that require passwords or personal information.