(Springfield, MO) - More than 6,000 Missouri State University students
have had their social security numbers compromised.
School officials said Thursday that the university learned of an
internal security breach on February 22. The breach affects 6,030
College of Education students, who were notified of the incident.
According to MSU, in October and November of last year, the College of
Education prepared nine lists of students, which included social
security numbers. Those lists were meant to be posted on a secure
server for personnel preparing the students' accreditation.
It wasn't meant to be seen by anyone outside the school and people
involved in that process. However, the school says the lists were
accessible to the general public and ended up on Google.
The exposed documents include information about students from nine
semesters between 2005 and 2009.
The university says since it discovered the breach, it has worked with
Google to pull the lists so there are minimal "hits."
Investigators don't think the people looking at the data were trying
to get those social security numbers -- based on what they accessed.
Google stores information, so the school had to work all the way until
last weekend to get rid of those copies.
The university says those pages had less than a couple dozen hits. It
says out of all the students, it's still searching for contact
information for only 6 of them.
Calls have been pouring in to the school.
"Out of 6,030 we are down to six that we have not been able to contact
with an address a phone number of e-mail," says spokesman Jeff
Morrissey. "Twenty-three hits and another thing that's important about
that is out of the files that were hit, everyone of these hits were
from residential type areas that we could determine."
The students KOLR/KSFX talked to were shocked that the university they
trusted so much with their personal information could accidentally
leak it to the web.
"That's a lot of trust in the university to have all of my
information, keep it secure," says junior Courtney Beets. She planned
to see what she could find out from her college counselor Thursday.
"Well I thought I trusted them a lot, but now I'm not so sure," says
Allison Hiegel, who's majoring in elementary education. "It worries
me, especially because I haven't gotten an email yet saying anything
about it That's a little scary to me."
The university says it's offering to pay for a year of consumer
identify theft protection insurance for all involved. At a negotiated
rate of $7 per person, the total cost will be about $42,210.
"That does make me feel a little bit safer," says Hiegl.
Missouri's Attorney General was also notified, and the school has put
into place a disciplinary action against the employee who posted the
lists to the unsecured server.
No comments:
Post a Comment