Skip the navigation

Univ. of Tampa says student info was exposed for 8 months

Accidental online leak involved more than 6,800 students; another 22K may also be affected

March 21, 2012 02:37 PM ET

Computerworld - An in-class project on advanced search techniques led to the discovery of a major data breach at the University of Tampa (UT) in Florida earlier this month.

The breach affected more than 6,800 students who enrolled with the university last fall. It occurred after a file containing their names, Social Security Numbers and dates of birth was inadvertently made available on the Web for about eight months.

Another two files containing similar data on an additional 22,722 faculty, staff and students may also have been available online during that same period, the university said in a statement Monday. Those two files were not indexed by Google and therefore are less likely to have been viewed by others, the university said.

The school did not say why only one file was indexed by Google.

The breach followed a decision by university IT officials to create three temporary files to address a problem with university ID cards that arose after a server migration in July 2011. The file with the sensitive data was available from July 2011 to March 13, 2012, when it was discovered during an in-class search exercise. It has since been removed and all traces of it deleted from search caches.

UT will pay for credit monitoring services for the 6,818 students whose data was exposed. A university spokesman did not immediately respond to a request for comment.

Compromises stemming from inadvertent data exposure on the Web are common. Last year, the names, Social Security Numbers and other personal data on more than 3.2 million Texas residents was compromised after three files were inadvertently put on a server that was accessible over the Web. The compromise resulted in two senior Texas IT executives being fired by the State Comptroller's office.

Similarly, Yale University last August had to warn 43,000 faculty, staff and students of a breach after the File Transfer Protocol (FTP) server on which the data was stored got indexed by Google and became searchable on the Web. In that case, the data was publicly available for more than 10 months before it was discovered and taken down.

covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at Twitter @jaivijayan or subscribe to Jaikumar's RSS feed Vijayan RSS. His e-mail address is

See more by Jaikumar Vijayan on

Read more about Security in Computerworld's Security Topic Center.

Our Commenting Policies
Internet of Things: Get the latest!
Internet of Things

Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!