Indiana University reports potential data exposure

Associated Press
February 25, 2014
Back to TopCommentsE-mailPrintBookmark and Share

The names, addresses and Social Security numbers of approximately 146,000 students and recent graduates of seven Indiana University campuses may have been inadvertently exposed, the university said Tuesday.

The university said it notified the Indiana attorney general's office of the potential exposure Tuesday and was taking steps to help those affected with credit monitoring.

The data was accessed by three automated computer data-mining applications, called webcrawlers, used to improve Internet searches, the university said.

The university said it has found no evidence that the files were viewed or used for inappropriate or illegal purposes. It said it will begin notifying all of the affected students this week.

IU "apologizes for any concern this issue may cause among our students and their families," John Applegate, executive vice president for university academic affairs, said in a prepared statement. "The university also is committed to assisting those whose information was potentially exposed."

By 8 a.m. Friday, the university will set up a call center to handle questions from anyone whose information was potentially placed at risk. The phone number is 866-254-1484.

IU also said it has set up a website with information on how to monitor credit accounts and answers to other questions regarding the potential exposure. It also will provide the Social Security numbers and names of those affected to the three major credit-reporting agencies.

The data had been stored insecurely for 11 months until a staffer of the registrar's office discovered the problem last week, the university said. The site was locked down and the information moved to a secure location the following day, it said.

The problem occurred after a change last March in the security protections for the site that housed the information. A review of access logs determined the data was downloaded only by the three automated webcrawling programs. The nature of the data contained in the files had been masked.

"This is not a case of a targeted attempt to obtain data for illegal purposes, and we believe the chance of sensitive data falling into the wrong hands as a result of this situation is remote," James Kennedy, associate vice president for financial aid and university student services and systems, said in a statement.


Post a comment to this story

We reserve the right to remove any post that we feel is obscene, profane, vulgar, racist, sexually explicit, abusive, or hateful.
You are legally responsible for what you post and your anonymity is not guaranteed.
Posts that insult, defame, threaten, harass or abuse other readers or people mentioned in IBJ editorial content are also subject to removal. Please respect the privacy of individuals and refrain from posting personal information.
No solicitations, spamming or advertisements are allowed. Readers may post links to other informational websites that are relevant to the topic at hand, but please do not link to objectionable material.
We may remove messages that are unrelated to the topic, encourage illegal activity, use all capital letters or are unreadable.

Messages that are flagged by readers as objectionable will be reviewed and may or may not be removed. Please do not flag a post simply because you disagree with it.

Sponsored by

facebook - twitter on Facebook & Twitter

Follow on TwitterFollow IBJ on Facebook:
Follow on TwitterFollow IBJ's Tweets on these topics:
thisissue1-092914.jpg 092914

Subscribe to IBJ