The breach was discovered May 8 when the university's IT staff noticed "an anomaly during routine daily maintenance of our computer system," said Funda Alp, a university spokeswoman. A rootkit installed on the system, apparently by an outside attacker, caused it to crash one of the services running on a server containing the information, Alp said.

"When the breach was discovered, [the server] was taken off-line immediately," Alp said. She added that preliminary investigations appear to show that the hacker had the expertise to access the information stored on the server although it is not clear if that happened. Apart from the names, addresses and Social Security numbers of 135,000 people, the compromised server also contained credit-card information on 103 individuals, she said.

There is no indication that the information has been misused, Alp said, adding that the university began notifying affected individuals soon after the breach was discovered.