Univ. of Tampa notifies over 30,000 students and staff that their Social Security numbers were exposed on the Internet

The University of Tampa has issued a breach notice:

On March 13, 2012, the Office of Information Technology (IT) learned that due to a server management error, a University of Tampa data file containing sensitive information was publicly accessible for a certain period of time. There is no evidence the file has been used maliciously. Immediately after receiving notification, IT secured the file and took steps to ensure it is no longer publicly accessible or searchable.

The file included 6,818 records of Fall 2011 students. Information included UT identification number, social security number, name and date of birth. The sensitive information was displayed as a string of numbers that would not be immediately obvious to a casual viewer. Exposure of this file was potentially from July 2011 through March 13, 2012.

The compromised data was discovered during an in-class exercise and was immediately reported to IT. UT notified Google to remove the cached file from the search engine.

It was also determined that two other files were accessible. These files contained sensitive information, including UT identification number, name, social security number and photos, for 29,540 faculty, staff and students from the period Jan. 29, 2000 through July 11, 2011. IT has thoroughly examined files and associated logs to ascertain the extent of the breach, and has determined that the files were only accessed by the individuals who made the report. We believe, therefore, there is minimal risk to former and current students and employees.

Full notice on UT site. Media coverage on MyFox Tampa Bay.

via @DrInfoSec

About the author: Dissent