A student found a document on the school’s website that contained names and social security numbers of admissions applicants from 2005.
How many victims? 1,430
What type of personal information? Names and Social Security numbers.
What happened? Through an Internet search on the university’s Web site, a student found the document, which contained her own name and social security number, and reported it to the university.
Details: The document was contained in the archives of a school computer server. The server itself was purged of sensitive data, but the archives were not. This was the fourth data breach at the university in two years. A hacker accessed a university server in September and may have had access to a document with students’ Social Security numbers. A university flash drive was misplaced in June 2007 that may have contained 8,000 current and former students’ Social Security numbers and a class roster was misplaced that July that included 49 students’ Social Security numbers.
What was the response? Officials temporarily shut down the site and removed the document; letters to all affected individuals were mailed informing them about the breach. A university official said they will look into hiring outside technology experts to determine what can be done to prevent breaches. The employee responsible for scanning the schools server archives for sensitive data will be reprimanded but not terminated.
Quote: “This is an ongoing problem that all campuses face, with old data on computers with millions of files and it is difficult to make sure that they are all deleted,” said Jody Nelsen, the university’s executive vice president of finance and administration. “It is disappointing that it has happened again and we are going to be very aggressive to alleviate this problem.”
Source: Caller.com, Corpus Christi Caller-Times, “A&M-CC student data exposed,” Nov. 7, 2008.