RSS Alerts

Downloads

Related Links

Related Stories

  • Penn State data may have been exposed
    This week the Pennsylvania State University sent data breach notification letters to 15 806 individuals who at one time had their personal information, including Social Security numbers, stored in a university database.
  • EWU exposes 130 000 student records
    Eastern Washington University has notified present and former students of a massive data breach of its systems that could affect up to 130 000 people.
  • Identity Theft 911 looks at identity theft in educational environments
    Lapses in data security at major colleges and universities across the USA over the past four years have exposed tens of millions of personal records of students, alumni, faculty and staff and put them at risk of identity fraud and theft, according to a report from Identity Theft 911, the ID theft resolution service.
  • A Breach too Far
    How much do data breaches really damage organizations financially – and why don’t we want to hear about it? Danny Bradbury investigates
  • Aetna boots data breach class action suit
    Health insurer Aetna has succeeded in having a class-action lawsuit over an alleged security breach dismissed.

News

Florida university notifies students and faculty of possible data exposure

23 June 2010

Students and faculty at Florida International University are being sent notification letters regarding the potential compromise of personal data stored in a university database.

Florida International University is in the process of sending notification letters to 19 407 students and 88 faculty members after the university’s IT Security Office discovered personal data may have been exposed over the internet via a database’s external search function.

The possible breach was uncovered in early May 2010 after the IT Security Office conducted a review of an unrelated hacking incident against the FIU College of Education website. According to the notification letter obtained by Infosecurity, the office found the “existence of a database containing sensitive information that did not reside in a secure computing environment”.

An announcement posted on the FIU website lists the personal data as GPAs, test scores, and Social Security numbers that were stored on the College of Education’s E-Folio software app. This database kept track of student data related to state mastery standards, grade tracking, assignments, and Social Security numbers for both students and faculty.

FIU was required to notify affected students and faculty, and both the notification letter and web announcement provided information on credit monitoring. The university stated that it is not aware of any attempts to use the information.

“Upon discovery, the University IT Security Office and the College of Education took immediate steps to remove the database from any external search capability, and to prevent the recurrence of any other data security breach involving this information”, noted the letter, which an FIU spokesperson said are currently being mailed to those affected.

 

This article is featured in:
Compliance and Policy Data Loss

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

Copyright © 2010
Elsevier Ltd. All rights reserved.
Terms & Conditions | Privacy | Website Design Working with water