San Diego State University notifies students of information exposure
So as if we didn’t have enough breaches in higher education recently, San Diego State University is notifying students who were enrolled in Pre-College Institute programs that their name, Social Security number, date of birth, address, and other personal information was in a database that enabled any computer connected to the SDSU wired network (offices, some laboratories, and the library) to view it with the program “FileMaker.”
The breach was discovered May 4, but it’s not clear for how long the database was exposed, and those being notified this week were not offered any free credit monitoring services.
You can read a copy of their notification letter from Chris Xanthos, Associate Vice President for Business Operations & CIO, on the California Attorney General’s website (pdf). SDSU did not immediately respond to an inquiry asking when the configuration error occurred and how many students had personal information in the database.