Unauthorized Disclosure

Western Michigan University Web Site Accidentally Exposes Student Information

By Adam Dodge - Posted on December 22nd, 2009

Quick Facts

Date: 12/22/2009
Institution: Western Michigan University
Type of Incident: Unauthorized Disclosure
Number Affected: Unknown
Source: DataBreaches.net
Abstract Source: New Hampshire Attorney General's Office (PDF)

Abstract
Western Michigan University has notified students after a mistake exposes student information online. According to the letter to the NH Attorney General's Office, student information such as Social Security numbers were inadvertently exposed online for "a brief period of time". The information was discovered on December 14, 2009 and the information was immediately removed. According to the university, there is no evidence the information was accessed, letters were sent out offering those affected a one-year membership in a credit monitoring service by IDExperts.

University College Dublin Hands Media Confidential Student Information

By Adam Dodge - Posted on November 24th, 2009

Quick Facts

Date: 11/24/2009
Institution: University College Dublin
Type of Incident: Unauthorized Disclosure
Number Affected: 2
Source: DataBreaches.net
Abstract Source: The University Observer

Abstract
The University Observer, a student newspaper, was able to obtain detailed academic records on two University College Dublin students from UCD. The newspaper, with the knowledge and consent of the two students, filed official requests for information using nothing more then publicly available information. These requests were accepted and the newspaper was supplied with full academic statements on these students. In response to the ease with which the University Observer was able to obtain these records, UCD Students' Union President Gary Redmond asked the university to "...review its internal policies to ensure that all procedures were followed in this instance, and if necessary introduce mechanisms to ensure that a breach of this nature does not occur in the future." The university declined to comment on whether or not the university would be reviewing data protection procedures.

Tagged: University College Dublin • 2009 • DataBreaches.net • Educational Information • Personally Identifying Information • Unauthorized Disclosure

[Update1] Employee Information Available on Notre Dame Web Site

By Adam Dodge - Posted on November 20th, 2009

Employee Information Available on Notre Dame Web Site

Quick Facts

Date: 11/20/2009
Institution: Notre Dame
Type of Incident: Unauthorized Dislcosure
Number Affected: 24,000
Source: DataBreaches.net
Abstract Source: WNDU
Update1 Source: The Observer

Abstract
Notre Dame is warning employees after files containing personal information were discovered online. The files, accidentally placed online, contained names, Social Security numbers and dates of birth of an unreleased number of university employees. According to a spokesperson, the university removed the file as soon as the incident was discovered and there is no evidence the information was misused.

Update1
In total, the personal information on about 24,000 Notre Dame employees, including some student workers, was accidentally made available online.

Tagged: Notre Dame • 2009 • DataBreaches.net • Personally Identifying Information • Social Security Numbers • Unauthorized Disclosure

Cal Poly Pomona Applicant Information Online For Five Years

By Adam Dodge - Posted on November 15th, 2009

Quick Facts

Date: 11/15/2009
Institution: California State Polytechnic University, Pomona
Type of Incident: Unauthorized Disclosure
Number Affected: 355
Source: ESI
Abstract Source: LA Times

Abstract
California State Polytechnic University, Pomona recently announced that a mistake exposed the personal information of former applicants online. The information, available online for five years, included names and Social Security numbers of 355 applicants from 2003. According to the university, the information was mistakenly placed in a publicly accessible folder in November 2003. The file was removed in November 2008, but the data remained in search engine caches and indexes. Cal Poly Pomona became aware that this information was still, in part, available when a former student discovered his own information while searching Google.

Tagged: California Polytechnic • California State University • Pomona • 2009 • Educational Security Incidents (ESI) • Personally Identifying Information • Social Security Numbers • Unauthorized Disclosure

Mistake Exposes Personal Information of Chaminade University Students

By Adam Dodge - Posted on November 6th, 2009

Quick Facts

Date: 11/6/2009
Institution: Chaminade University
Type of Incident: Unauthorized Disclosure
Number Affected: 4,500
Source: DataBreaches.net
Abstract Source: Star Bulletin

Abstract
Chaminade University recently announced that a mistake exposed personal information on thousands of students. According to the university a report that was mistakenly placed online contained the names and Social Security numbers of 4,500 students. The investigation determined that the report was placed online eight months ago and affected enrolled undergraduate students that attended the university between 1997 and 2006. Chaminade became aware of the mistake on Wednesday and immediately removed the report from the Internet. Chaminade University has created a web site - www.chaminade.edu/infosecure - to help answer questions about the incident.

Tagged: Chaminade University • 2009 • DataBreaches.net • Personally Identifying Information • Social Security Numbers • Unauthorized Disclosure

Educational Security Incidents (ESI)

Sometimes the free flow of information is unintentional