Breach, Data Security

Student data inadvertently posted online, accessible via Google search

An undisclosed number of Pennsylvania-based Lake Erie College of Osteopathic Medicine (LECOM) students are being notified that their personal information – including Social Security numbers – was in spreadsheets that were inadvertently posted online by Hubbard-Bert, a benefits administrator for LECOM.

How many victims? Undisclosed. 

What type of personal information? Names, Social Security numbers, email addresses and, in some cases, dates of birth.

What happened? A test server was configured incorrectly, resulting in spreadsheets containing the LECOM student data being inadvertently posted online and made accessible via Google.

What was the response? Hubbard-Bert launched an investigation. The company removed the files from its server and worked with Google to remove the information from Google's servers. Hubbard-Bert is implementing enhanced security protocols for all of its web servers and is installing an offline web server for future testing purposes. All impacted individuals are being notified and offered a free year of identity theft protections services.

Details: The test server was configured incorrectly on April 14. Any unauthorized access to the information may have first been gained on April 20. The information was no longer accessible by April 25.

Quote: “This incident did not affect all LECOM students,” Joseph Kelly, vice president of Hubbard-Bert, wrote in a notification letter. “Further, to date, we are not aware of any misuse of any personal information involved or any fraudulent activity related to this incident.”

Source:, “Incident Notification,” May 12, 2014.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.