The breach was discovered on May 8, when the university's IT staff noticed "an anomaly" during its daily system maintenance work, said Funda Alp, a spokeswoman for Sacred Heart. A rootkit program installed on the server -- apparently by an outside attacker -- caused one of the computing services running on that system to crash, Alp said.

Preliminary investigations showed that the attacker appeared to have the expertise to access the information stored on the server, although Alp said it isn't clear if that actually happened. In addition to the personal data, the compromised server contained credit card information for 103 individuals, she said.