An intruder gained access to files containing the personal information, including Social Security numbers, of more than 97,200 UF students, faculty and staff who used the Grove computer system from 1996 to 2009, UF announced Thursday.
UF is mailing letters to those who may have been affected, most of whom live in Florida, according to a UF news release.
UF has no contact information for about 5,000 people, the release stated.
A toll-free hotline has also been established at 1-877-657-9133.
The privacy breach is costing UF about $130,000, UF spokeswoman Janine Sikes said. Costs include sending letters and hiring a call center.
Sikes said UF has no information to suggest the information was used fraudulently.
A University Police Department report said the system may have been accessed by people in Antigua and Barbuda Brazil, located in the Caribbean.
The data breach is the fourth one announced by UF in the past year.
The breach was discovered on Jan. 14 by a staff member in the Academic Technology Department while UF was switching from the Grove system to a new system.
The system was immediately shut down and then permanently retired as a result of the breach. It was used by faculty to post course-related materials for students and hosted free Web space. It was also UF's first e-mail system, Sikes said.
According to the release, users of the system had to log on with their UF ID numbers which, until 2003, were their Social Security numbers.
Sikes said UF, like many other universities, used Social Security numbers for identification until it realized the vulnerabilities of that method.
She said most of UF's current students would not be affected by the breach because UF stopped using Social Security numbers in favor of UF IDs before most of them enrolled.
The breach follows one announced by UF's College of Medicine in November that affected the records of 330,000 people.
Another breach announced by UF in June affected about 11,300 former student employees.
Sikes said UF is particularly vulnerable to attacks because of its size.
"We have a lot of students; we have a lot of information," she said.
"It's kind of like monitoring the Mexican border," she said. "At some point someone is gonna slip through."
Linda Foley, founder of the Identity Theft Resource Center, said the number of data breaches at UF isn't exceptional.
Other universities have had 10 or 15 data breaches since 2005, while UF has had five, she said. In 2007, Michigan State announced seven breaches, she said.
She also said UF has taken the proper steps to correct the situation by attempting to notify those who might have been affected, establishing a hotline and recommending that people place fraud alerts on their credit reports.
She also said the fact that UF announced the breach more than a month after it was reported is not unusual because it usually takes a long time to determine how many files were compromised.
And she said there is a silver lining for students because many of them have not yet signed up for credit cards or otherwise established a credit record, which makes them less vulnerable to identity theft. It's harder for identity thieves to open credit lines for people without credit because those transactions attract more scrutiny, she said.
Sikes said UF is working to prevent future privacy breaches by centralizing its computer network, establishing a task force to identify potential problems and requiring training for employees who handle private data.
