A security lapse at Indiana University exposed the personal information of about 146,000 current students and recent graduates, according to a news release from the university. The good news, it seems, is that while the information was temporarily unprotected, the university says there is no indication that it was viewed or downloaded for illegal purposes.
The university is notifying those whose information was stored on the site, which includes students who attended or graduated from seven IU campuses (there are eight) between 2011 and 2014. Information stored included names, addresses and Social Security numbers.
The data had been stored in an insecure location for 11 months, after security protections for the information were changed in March 2013. A university staff member discovered the security failure Feb. 21 when accessing the files for internal use, according to the news release, and a review of the issue revealed that the data had been downloaded only by webcrawlers, Internet bots that scan and index the Internet as a way to improve search results.
“The files in question were safeguarded to mask the nature of the data contained in them,” the news release said of the data downloaded by the webcrawling programs.
In addition to contacting the affected students and providing instructions for how to monitor their credit, the university has provided the credit reporting agencies with the Social Security numbers and names that were possibly exposed as a result of the security failure.
Based on the information provided by IU, this breach is different than the one reported at the University of Maryland earlier this year, in which university networks suffered a major cyberattack. Names, birth dates, university ID numbers and Social Security numbers of more than 300,000 students, faculty and staff were compromised in that breach.
While university officials say it’s unlikely any current or former students will experience fraud or identity theft as a result of the security lapse, the situation serves as a reminder for consumers to frequently monitor their personal information and financial accounts. By regularly reviewing your credit reports (you can do this for free once a year), you will be able to see if anyone has opened accounts using your personal information, and watching your credit scores will help you notice a sudden change in scores, which may indicate fraud. You can get your credit scores for free using the Credit Report Card.
More on Identity Theft:
- Identity Theft: What You Need to Know
- How Do I Dispute an Error on My Credit Report?
- 3 Dumb Things You Can Do With Email
- The Risks You Face From Identity Theft
- How Can You Tell If Your Identity Has Been Stolen?
- What Should I Do If I’m a Victim of Identity Theft?
- How Credit Impacts Your Day-to-Day Life