An undisclosed number of Pennsylvania-based Lake Erie College of Osteopathic Medicine (LECOM) students are being notified that their personal information – including Social Security numbers – was in spreadsheets that were inadvertently posted online by Hubbard-Bert, a benefits administrator for LECOM.
How many victims? Undisclosed.
What type of personal information? Names, Social Security numbers, email addresses and, in some cases, dates of birth.
What happened? A test server was configured incorrectly, resulting in spreadsheets containing the LECOM student data being inadvertently posted online and made accessible via Google.
What was the response? Hubbard-Bert launched an investigation. The company removed the files from its server and worked with Google to remove the information from Google's servers. Hubbard-Bert is implementing enhanced security protocols for all of its web servers and is installing an offline web server for future testing purposes. All impacted individuals are being notified and offered a free year of identity theft protections services.
Details: The test server was configured incorrectly on April 14. Any unauthorized access to the information may have first been gained on April 20. The information was no longer accessible by April 25.
Quote: “This incident did not affect all LECOM students,” Joseph Kelly, vice president of Hubbard-Bert, wrote in a notification letter. “Further, to date, we are not aware of any misuse of any personal information involved or any fraudulent activity related to this incident.”
Source: doj.nh.gov, “Incident Notification,” May 12, 2014.