The breached database held names, Social Security numbers, dates of birth and university identification numbers maintained by the university's information technology division and protected with "multi-layered security defenses," Loh said in an open letter.
"I am truly sorry," he wrote.
Loh stressed that no financial, academic, health, or contact information was taken but said the university would provide a free year of credit monitoring to anyone whose information was exposed.
The data breach is the latest in a string of such attacks in recent years. Financial institutions, employers, retailers and others have been targeted. In a case that stoked public outrage, a cyberattack on Target last year affected up to 40 million people.
Universities have also been vulnerable. A cyberattack at the University of Delaware compromised the information of 74,000 people last year. Nearly 24,000 College Park students' Social Security numbers were inadvertently printed on mailing labels for parking brochures in 2008.