We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
79,693 News Articles

Univ. of Tampa says student info was exposed for 8 months

Accidental online leak involved more than 6,800 students; another 22K may also be affected

An in-class project on advanced search techniques led to the discovery of a major data breach at the University of Tampa (UT) in Florida earlier this month.

The breach affected more than 6,800 students who enrolled with the university last fall. It occurred after a file containing their names, Social Security Numbers and dates of birth was inadvertently made available on the Web for about eight months.

Another two files containing similar data on an additional 22,722 faculty, staff and students may also have been available online during that same period, the university said in a statement Monday. Those two files were not indexed by Google and therefore are less likely to have been viewed by others, the university said.

The school did not say why only one file was indexed by Google.

The breach followed a decision by university IT officials to create three temporary files to address a problem with university ID cards that arose after a server migration in July 2011. The file with the sensitive data was available from July 2011 to March 13, 2012, when it was discovered during an in-class search exercise. It has since been removed and all traces of it deleted from search caches.

UT will pay for credit monitoring services for the 6,818 students whose data was exposed. A university spokesman did not immediately respond to a request for comment.

Compromises stemming from inadvertent data exposure on the Web are common. Last year, the names, Social Security Numbers and other personal data on more than 3.2 million Texas residents was compromised after three files were inadvertently put on a server that was accessible over the Web. The compromise resulted in two senior Texas IT executives being fired by the State Comptroller's office.

Similarly, Yale University last August had to warn 43,000 faculty, staff and students of a breach after the File Transfer Protocol (FTP) server on which the data was stored got indexed by Google and became searchable on the Web. In that case, the data was publicly available for more than 10 months before it was discovered and taken down.

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed . His e-mail address is jvijayan@computerworld.com .

See more by Jaikumar Vijayan on Computerworld.com .

Read more about security in Computerworld's Security Topic Center.


IDG UK Sites

iPhone 6 release date, price, specs and new features: Convincing leaked photos show iPhone 6

IDG UK Sites

Gateway to your kingdom: why everybody should check and update their broadband router

IDG UK Sites

Netflix whips up 3D VR viewing room for Oculus Rift during company hack day

IDG UK Sites

Best Mac? Complete Apple Mac buyers guide for 2014