IU says no victims reported in data breach

Indiana University has shut down a call center line it opened in response to a computer data breach that exposed personal information about 146,000 current and former students.

The university closed the line on June 30 and hasn't received reports that anyone's identity was stolen in connection with the exposure discovered in February, IU spokesman Mark Land told The Herald-Times.

University officials said that information such as names, addresses and Social Security numbers of those who attended any of IU's campuses from 2011 to 2014 was unsecured for more than 11 months because security protections weren't working correctly.

The student data was encrypted so it couldn't be read easily and was accessed by three automated computer data mining applications, called webcrawlers, according to university officials.

The school's response to the data breach cost about $130,000, including nearly $57,000 for the call center, according to Land, who also said IU employees spent more than 1,000 hours working on the problem.

The call center began in late February and received about 1,000 calls, mostly in the first few weeks after notifications were sent out by email or letter to those affected, Land said.

The breach was reported to the state attorney general's office and that university officials have increased staff training and worked to raise awareness about such issues with all employees, Land said.

Please enable JavaScript to view this content.

Story Continues Below

Editor's note: IBJ is now using a new comment system. Your Disqus account will no longer work on the IBJ site. Instead, you can leave a comment on stories by signing in to your IBJ account. If you have not registered, please sign up for a free account now. Past comments are not currently showing up on stories, but they will be added in the coming weeks. Please note our updated comment policy that will govern how comments are moderated.