Univ. of Tampa says student info was exposed for 8 months
Accidental online leak involved more than 6,800 students; another 22K may also be affected
Computerworld - An in-class project on advanced search techniques led to the discovery of a major data breach at the University of Tampa (UT) in Florida earlier this month.
The breach affected more than 6,800 students who enrolled with the university last fall. It occurred after a file containing their names, Social Security Numbers and dates of birth was inadvertently made available on the Web for about eight months.
Another two files containing similar data on an additional 22,722 faculty, staff and students may also have been available online during that same period, the university said in a statement Monday. Those two files were not indexed by Google and therefore are less likely to have been viewed by others, the university said.
The school did not say why only one file was indexed by Google.
The breach followed a decision by university IT officials to create three temporary files to address a problem with university ID cards that arose after a server migration in July 2011. The file with the sensitive data was available from July 2011 to March 13, 2012, when it was discovered during an in-class search exercise. It has since been removed and all traces of it deleted from search caches.
UT will pay for credit monitoring services for the 6,818 students whose data was exposed. A university spokesman did not immediately respond to a request for comment.
Compromises stemming from inadvertent data exposure on the Web are common. Last year, the names, Social Security Numbers and other personal data on more than 3.2 million Texas residents was compromised after three files were inadvertently put on a server that was accessible over the Web. The compromise resulted in two senior Texas IT executives being fired by the State Comptroller's office.
Similarly, Yale University last August had to warn 43,000 faculty, staff and students of a breach after the File Transfer Protocol (FTP) server on which the data was stored got indexed by Google and became searchable on the Web. In that case, the data was publicly available for more than 10 months before it was discovered and taken down.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed . His e-mail address is email@example.com.
- Hackers steal user data from the European Central Bank website, demand money
- Arrests made after international cyber-ring targets StubHub
- SQL injection flaw opens door for Wall Street Journal database hack
- Goodwill Industries probes possible payment card breach
- Aloha point-of-sale terminal, sold on eBay, yields security surprises
- The biggest data breaches of 2014 (so far)
- Blue Shield discloses 18,000 doctors' Social Security numbers
- PF Chang's says breach was 'highly sophisticated criminal operation'
- Breaches exposed 1 in 7 US debit cards in 2013
- New malware program targets banking data
Read more about Security in Computerworld's Security Topic Center.
- Top 10 Reasons to Strengthen Information Security with Desktop Virtualization Regain control and reduce risk without sacrificing business productivity and growth
- Preventing Sophisticated Attacks: Anti-Evasion & Advanced Evasion Techniques McAfee Next Generation Firewall applies sophisticated analysis techniques specifically to detect advanced evasion techniques (AET).
- The Security Industry's Dirty Little Secret The debate over advanced evasion techniques (AETs) This report summarizes the findings of a McAfee commissioned research group to determine the level of understanding IT security professionals have about AETs...
- Demand More, Get the Most from the Move to a Next-Generation Firewall Beyond the basics in a next generation firewall, to protect your investment you should demand other valuable features: intrusion prevention, contextual rules, advanced...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!