Indiana University reports potential data exposure

The names, addresses and Social Security numbers of approximately 146,000 students and recent graduates of seven Indiana University campuses may have been inadvertently exposed, the university said Tuesday.

The university said it notified the Indiana attorney general's office of the potential exposure Tuesday and was taking steps to help those affected with credit monitoring.

The data was accessed by three automated computer data-mining applications, called webcrawlers, used to improve Internet searches, the university said.

The university said it has found no evidence that the files were viewed or used for inappropriate or illegal purposes. It said it will begin notifying all of the affected students this week.

IU "apologizes for any concern this issue may cause among our students and their families," John Applegate, executive vice president for university academic affairs, said in a prepared statement. "The university also is committed to assisting those whose information was potentially exposed."

By 8 a.m. Friday, the university will set up a call center to handle questions from anyone whose information was potentially placed at risk. The phone number is 866-254-1484.

IU also said it has set up a website with information on how to monitor credit accounts and answers to other questions regarding the potential exposure. It also will provide the Social Security numbers and names of those affected to the three major credit-reporting agencies.

The data had been stored insecurely for 11 months until a staffer of the registrar's office discovered the problem last week, the university said. The site was locked down and the information moved to a secure location the following day, it said.

The problem occurred after a change last March in the security protections for the site that housed the information. A review of access logs determined the data was downloaded only by the three automated webcrawling programs. The nature of the data contained in the files had been masked.

"This is not a case of a targeted attempt to obtain data for illegal purposes, and we believe the chance of sensitive data falling into the wrong hands as a result of this situation is remote," James Kennedy, associate vice president for financial aid and university student services and systems, said in a statement.

Please enable JavaScript to view this content.

Story Continues Below

Editor's note: You can comment on IBJ stories by signing in to your IBJ account. If you have not registered, please sign up for a free account now. Please note our updated comment policy that will govern how comments are moderated.