More than 2,000 former graduate students of Johns Hopkins University are being notified that their personal information – including Social Security numbers – was stored on a server that was accessible via the internet, and was accessed a few dozen times.
How many victims? 2,166.
What type of personal information? Names and Social Security numbers were among the information.
What happened? The personal information was stored on a server that was accessible via the internet, and the data was accessed a few dozen times.
What was the response? Upon discovery, the files were taken down and the university carried out a security audit. All university employees are receiving training to ensure a similar incident does not occur. All impacted individuals are being notified and offered a free year of credit monitoring and identity theft protection services.
Details: The university learned of the incident on March 19. The personal data belongs to graduate students who attended the Homewood campus between 2007 and 2009. The data may have been indexed by search engines or web crawlers.
Quote: “Somebody had stashed them on a machine, not realizing that when they did that, the files would be accessible on the Internet,” Dennis O'Shea, a university spokesman, said.
Source: baltimoresun.com, “Former Hopkins grad students' personal data exposed online,” April 26, 2014.