The City College of San Francisco knew it had a serious virus infection last November when it noticed missing log data from a server in one of its computer labs. What it didn’t realize at first was that the virus had been cranking through the college’s databases since 1999: http://bit.ly/zYW4xo
It appears that the malware had been lifting bank and personal info stolen from students and faculty for years and disseminating the info overseas. The college is re-configuring firewalls and segmenting the network, as well as re-examining their procedures (no kidding), and changing passwords.
The golden rule of security testing strikes again: you don’t know if you’re vulnerable if you don’t take a look.