University of Rhode Island server breach exposes staff and student data

University of Rhode Island (URI) officials disabled the school's College of Business Administration computer server, after the personal information of more than 1,000 faculty and students, as well as students from another school, was publicly available.

How many victims? About 1,000 current and former URI faculty members, in addition to 22 former students of the university and 80 students from an unnamed out-of-state school.

What type of personal information? The names, birth dates, Social Security numbers and some compensation information of faculty members. Former URI students had their Social Security numbers and names exposed, while students from the out-of-state school had their grades, names and Social Security numbers posted to the server.

What happened? Personal information, which was not intended to be stored on the business college server, was placed there. According to URI, faculty had access to the server and used it to upload and share course information.

What was the response? After discovering the breach on July 31, URI took the school's business college server offline. The school is reaching out to those affected, and will provide a year of credit monitoring and identity protection services for impacted individuals. URI is working with an attorney general's office outside of Rhode Island to notify 80 students affected from another school.

Details: School officials said no current URI students or faculty – hired after April 2007 – were impacted by the data breach. The personal information of the out-of-state students and URI faculty was posted to the server in March 2007, while former URI students' information had been exposed since 2009.

Source: boston.com (Associated Press), “Personal info of faculty at URI compromised,” Aug. 27, 2012.