Yes, yes…happens all the time and the news doesn’t even make headlines anymore. Here is the WTH part:

The attacks on the database began in October 2005 and ended November 21 of this year, when computer security technicians noticed suspicious database queries, according to a news release posted on a school Web site set up to answer questions about the theft.

More than a year…

Here in the States we really need to enact some legislation requiring companies, universities, etc. to disclose these types of data breaches.

Most people probably don’t know that such laws don’t exist — they most likely think that CA and NY just have really bad IT security.