Around 6,000 University of Virginia faculty members have been warned that their personal details - including their Social Security numbers and dates of birth - have been downloaded by hackers.
According to University officials, the hackers gained access to the records between May 2005 and April of this year.
The college's announcement of the major systems hack drew astonishment and raised eyebrows from Phil Higgins, a senior partner with Brookcourt Solutions, who expressed considerable surprise at the length of time the hackers had access.
"Security system failures are becoming a fact of life in the modern IT environment, especially when IT managers rely on a single security technology to protect their systems, but a failure lasting two years? Come on," he said.
According to Higgins, the Charlottesville-based college's admission is a clear-cut illustration that the modern IT security manager needs to take a holistic approach to their security systems.
"IT security has become a multi-layered discipline. AV on the desktop and server with an archaic firewall isn’t enough. It’s not just about the hackers standing at your gate; in today’s environment, research shows that internal based attacks are increasing. Identity managed access to the physical and application layer provides better control whilst intrusion detection and prevention coupled with a behavioural analysis system adds to a robust structure." he said.
"Modern day hackers, as shown by the University of Virginia systems hack, are sophisticated Internet users, and it takes a sophisticated best of breed multi-product approach to tackle the problem," he added.