University posts info of 40K students

Oct 29, 2010 By JAYMES SONG , Associated Press Writer

(AP) -- The Social Security numbers, grades and other personal information of more than 40,000 former University of Hawaii students were posted online for nearly a year before being removed this week, The Associated Press has learned.

University officials told the AP that a faculty member inadvertently uploaded files containing the information to an unprotected server on Nov. 30, 2009, exposing the names, , disabilities and other sensitive information of 40,101 students who attended the flagship Manoa campus from 1990 to 1998 and in 2001. A handful of students from the West Oahu campus were included in the .

UH-West Oahu spokesman Ryan Mielke said there was no evidence that the faculty member acted maliciously or that any of the information was used improperly. The faculty member, who retired from the West Oahu campus in June, was conducting a study of the success rates of Manoa students, and believed he was uploading the material to a secure server.

The university apologized for the incident, saying it was investigating how it happened. It was notifying the former students by e-mail and letters, and has also alerted the FBI and Honolulu police.

"We are troubled (and) determined to notify everyone according to law and committed to do everything possible in the future to prevent this from happening," UH system spokeswoman Tina Shelton said.

The incident is the third major information breach in the UH system since last year. Each time, university officials promised it was strengthening its network systems and working to identify other potential security risks.

In the latest breach, UH immediately removed the exposed files and disconnected the server from the network when it was notified of the information breach on Oct. 18 by Aaron Titus, information privacy director of Liberty Coalition, which is a Washington-based policy institute.

Google cleared its caches late Thursday, some 11 months after the information was first put online.

"During that time, theoretically, anybody with an Internet connection could have had access to it. How likely that is ... is anybody's guess," said Titus, who discovered the files under a search.

Titus said the university's statement that it has no evidence that the was used maliciously was somewhat misleading.

"Of course they don't have any evidence of misuse, because the bad guys wouldn't tell them if they had," Titus said.

UH President M.R.C. Greenwood has discussed the issue with all the chancellors in the 10-campus system, emphasizing the policy regarding security and protection of sensitive information.

UH has setup a call center and website for individuals who may have been affected. Those who might be affected by the breach were advised to obtain a credit report and to review financial statements to look for unusual activities.

The university system's other major breaches include this summer's incident involving the personal information of 53,000 people - including 40,000 Social Security numbers - who had business with the Manoa parking office. Last year, more than 15,000 students at Kapiolani Community College were warned after an infected computer compromised their information on financial aid applications.

"There is absolutely no way that we can say this will never happen again, but we are taking every step that's possible to make sure it doesn't happen," which includes upgrading security systems and additional training, Shelton said.

Titus said the university could've caught the latest mishap much earlier and quickly blocked any access if it regularly scanned its server for personal information, which takes software that's readily available.

"That wheel has been invented at low cost," Titus said.

UH believes problems will lessen with time because of changes in the use of Social Security numbers. The UH system started to phase out to identify students in 2002. The numbers are still used to identify students from before that time for transcripts and other requests for information.

Explore further: Premier US album chart revamped to include streaming

More information: University of Hawaii-West Oahu: http://www.uhwo.hawaii.edu/idalert
National ID Watch: http://nationalidwatch.org/

not rated yet
add to favorites email to friend print save as pdf

Related Stories

Hackers breach UC Berkeley computer database

May 08, 2009

(AP) -- University of California, Berkeley, officials said Friday that hackers infiltrated restricted computer databases, putting at risk health and other personal information on 160,000 students, alumni and others.

Breaches emphasize need for scanning, encryption

Mar 17, 2009

Recent news reports indicate a computer containing confidential information about the helicopter that transports President Barack Obama was breached by a computer in Iran. In January, Heartland Payment Systems, a company ...

Security glitch exposes WellPoint data again

Jun 29, 2010

(AP) -- WellPoint Inc. has notified 470,000 individual insurance customers that medical records, credit card numbers and other sensitive information may have been exposed in the latest security breach of the health insurer's ...

Malware continues to be a challenge to computer security

Feb 05, 2010

(PhysOrg.com) -- Identity theft continues to be a serious problem nationwide, and according to the nonprofit Identity Theft Resource Center, (ITRC) the economic recession may be a cause in the rise in scams, thievery and ...

Recommended for you

YouTube goes online for second Music Awards

Nov 20, 2014

The YouTube Music Awards are undergoing an overhaul for their second edition next year, scrapping a star-studded gala and instead looking at videos' online buzz.

China Premier calls for greater role in shaping Web

Nov 20, 2014

Chinese Premier Li Keqiang Thursday demanded a greater role for Beijing in shaping the global Internet, calling for "order" online as he failed to address his government's censorship of content it deems politically ...

User comments : 1

Adjust slider to filter visible comments by rank

Display comments: newest first

Flakk
not rated yet Oct 30, 2010
The incident is the third major information breach in the UH system since last year. Each time, university officials promised it was strengthening its network systems and working to identify other potential security risks.


Your problem is that thing between the chair and the keyboard.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.