Personal data belonging to 24,000 employees of the University of Notre Dame in the US have been publicly available on the web for the past three years, it has been revealed.
The security breach was caused by an employee, who inadvertently posted files containing the names, National Insurance numbers and post codes of the employees on a publicly accessible university website.
Files containing the data are believed to have been posted on the site in August 2006 and remained there until this October this year when they were finally discovered and reported to university officials.
The files have since been removed and secured and there is no evidence that the information has been inappropriately used, said Dennis Brown, Notre Dame's assistant vice president for news and information.
Included in the list of those affected by the breach are a "large number" of on-call and temporary employees, Brown said.
All of those affected by the breach have been notified and the university has offered to pay for credit monitoring services, he said.
Notre Dame last suffered a data breach in January 2006 , when unknown intruders broke into a server and accessed records belonging to an undisclosed number of individuals.
The document was supposed to have been redacted before it was posted on a government Web site, but wasn't.
Though data breaches involving external hackers get most of the attention, inadvertent data exposures such as these latest examples are not all that uncommon.