Univ. of Tampa says student info was exposed for 8 months
Accidental online leak involved more than 6,800 students; another 22K may also be affected
Computerworld - An in-class project on advanced search techniques led to the discovery of a major data breach at the University of Tampa (UT) in Florida earlier this month.
The breach affected more than 6,800 students who enrolled with the university last fall. It occurred after a file containing their names, Social Security Numbers and dates of birth was inadvertently made available on the Web for about eight months.
Another two files containing similar data on an additional 22,722 faculty, staff and students may also have been available online during that same period, the university said in a statement Monday. Those two files were not indexed by Google and therefore are less likely to have been viewed by others, the university said.
The school did not say why only one file was indexed by Google.
The breach followed a decision by university IT officials to create three temporary files to address a problem with university ID cards that arose after a server migration in July 2011. The file with the sensitive data was available from July 2011 to March 13, 2012, when it was discovered during an in-class search exercise. It has since been removed and all traces of it deleted from search caches.
UT will pay for credit monitoring services for the 6,818 students whose data was exposed. A university spokesman did not immediately respond to a request for comment.
Compromises stemming from inadvertent data exposure on the Web are common. Last year, the names, Social Security Numbers and other personal data on more than 3.2 million Texas residents was compromised after three files were inadvertently put on a server that was accessible over the Web. The compromise resulted in two senior Texas IT executives being fired by the State Comptroller's office.
Similarly, Yale University last August had to warn 43,000 faculty, staff and students of a breach after the File Transfer Protocol (FTP) server on which the data was stored got indexed by Google and became searchable on the Web. In that case, the data was publicly available for more than 10 months before it was discovered and taken down.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed . His e-mail address is email@example.com.
- Michaels breach exposes nearly 3M payment cards
- Teen nabbed in Heartbleed attack against Canadian tax site
- Heartbleed bug can expose private server encryption keys
- FTC can sue companies hit with data breaches, court says
- 5-year-old hacks Xbox, now he's a Microsoft 'security researcher'
- State AGs probe Experian subsidiary's data breach
- NSA sniffing prompts Yahoo to encrypt traffic between its data centers
- Banks withdraw data breach claim against Target
- Bank abandons place in class-action suit against Target, Trustwave
- Banks' suit in Target breach a 'wake-up call' for companies hiring PCI auditors
Read more about Security in Computerworld's Security Topic Center.
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts