Thousands of University of Tampa (UT) students, faculty and staff have become candidates for identity theft after students and IT personnel discovered publicly available files on the internet containing personal information.
How many victims? Roughly 30,000.
What type of personal information? Names, Social Security numbers, college identification numbers and birth dates.
What happened? As part of a class project, a group of students stumbled upon a file containing the sensitive information of about 6,818 fall 2011-enrolled students, after conducting an advanced Google search. The file was live from approximately July 2011 to March 13 of this year.
Upon reporting their discovery to the IT department, investigators turned up two other files containing the confidential data of another 22,722 faculty, staff and students. These files were also publicly reachable, but were not indexed by any search engine.
The university blames a “server management error” for the breaches.
What was the response? Google removed the cached file related to the first file. The other two files were accessed by one student, but it was determined the student did not save any of the information to his or her computer. The university has notified victims and plans to offer them free identity-protection services.
Details: The files were “created to help resolve a problem with UT identification cards that occurred when a new server was made operational in July 2011. Unfortunately, the file consisting of current student data was later inadvertently indexed by Google,” according to the university.
There have been no reports that any of the data has been misused. In addition, the university said the information contained on the files was presented in such a way that would not be obvious to the casual observer of what they contained.
But considering names combined with Social Security numbers were involved, ID theft is a real possibility if the criminally minded person viewed the data.
Quote: “I’m not sure I can find words to express how worried they should be,” said Cpl. Bruce Crumpler of the Hillsborough County Sheriff’s Office. “I think they should be very concerned.”
Source: Tampa Bay Online, TBO.com, “Data breach hits University of Tampa students,” March 16, 2012.
University of Tampa, ut.edu news release “Data Breach,” last updated March 19, 2012.