The sensitive information of tens of thousands of former University of Hawaii students was inadvertently posted online, where it remained for nearly a year before being removed.
How many victims? 40,000.
What type of personal information? Names, Social Security numbers, addresses, birth dates and educational data.
What happened? Last December, a faculty member inadvertently uploaded the sensitive files to an unencrypted web server. The faculty member, who recently retired from UH's West Oahu campus, was conducting a study about students.
Details: Those affected are students who attended UH's Manoa campus from 1990 to 1998 and during 2001. In addition, students who attended UH's West Oahu campus during fall of 1994 or graduated from 1988 to 1993 may be impacted.
The incident follows a separate UH breach disclosed in July that involved the personal information of 53,000 individuals.
What was the response? The university removed the files and disconnected the affected server from the network, after Liberty Coalition, a nonprofit group based in Washington D.C., notified university officials about the exposure on Oct. 18. Affected individuals are being notified.
The FBI and Honolulu Police Department have been notified. The university currently has no evidence that anyone's personal information was accessed for malicious intent. Meanwhile, the UH West Oahu campus is also working to adopt more proactive security measures to ensure a similar incident does not occur in the future.
Source: http://manoa.hawaii.edu/, University of Hawaii – Manoa, “Inadvertent exposure by UH West O'ahu affects Mānoa students,” Oct. 28, 2010.