A breach at the University of Tampa may have exposed the sensitive information of thousands of students, faculty and staff members, including their names, identification numbers, social security numbers and birth dates, according to a press release posted to their the University’s Web site over the weekend.
The information of approximately 6,800 students from fall semester 2011 was discovered online by students in a UT class who were searching online. A subsequent investigation turned up two more files containing roughly 30,000 more records from between January 2000 and July 2011.
The sensitive information was “displayed as a string of numbers that would not be immediately obvious to a casual viewer,” according to the press release.
The 30,000 records included a photograph of each individual while the information from last fall’s students included birth dates. All three files were discoverable with Internet searches and viewable until being found last week.
In alerting students, University officials credited the leak to a “server management error.”
At the root of the breach seemed to be a problem with the way the school managed the information of students and employees. Information for the school’s identification card, the Spartan Card, was left in three temporary backup files created by the IT department. After the university launched a new server in July of 2011, “the file consisting of current student data was later inadvertently indexed by Google,” according to the press release. The Department of Education and the Internal Revenue Service required UT, like many colleges, to link social security numbers with university identification numbers.
Shortly after the breach was discovered, the Information Technology Office claims it secured the publicly accessible files and contacted Google to delete any traces of them from their caches.
While the school’s IT office claims there’s no evidence the information had been viewed or even used maliciously yet, as is often the case with widespread data breaches like these, the institution has promised those affected access to fraud alert services.
Data breaches, especially in the higher education sector can be a boon for hackers. More than 160,000 students were hit by a healthcare data breach at University of California at Berkeley in 2009. According to Privacy Rights Clearinghouse, 16 schools – 10 of them universities – have seen information from their servers leaked from breaches this year alone.