The Social Security numbers, grades and other personal information of more than 40,000 former University of Hawaii students were posted online for nearly a year before being removed this week.
University officials told the Associated Press that a faculty member inadvertently uploaded files containing the information to an unprotected server on Nov. 30, 2009, exposing the names, academic performance, disabilities and other sensitive information of 40,101 students who attended the flagship Manoa campus from 1990 to 1998 and in 2001.
A handful of students from the West Oahu campus were included in the security breach.
UH-West Oahu spokesman Ryan Mielke said there was no evidence that the faculty member acted maliciously or that any of the information was used improperly.
The faculty member, who retired from the West Oahu campus in June, was conducting a study of the success rates of Manoa students, and believed he was uploading the material to a secure server.
The university apologized for the incident, saying it was investigating how it happened. It was notifying the former students by e-mail and letters, and has also alerted the FBI and Honolulu police.
“We are troubled (and) determined to notify everyone according to law and committed to do everything possible in the future to prevent this from happening,” UH system spokeswoman Tina Shelton said.
The incident is the third major information breach in the UH system since last year. Each time, university officials promised it was strengthening its network systems and working to identify other potential security risks.
In the latest breach, UH immediately removed the exposed files and disconnected the server from the network when it was notified of the information breach on Oct. 18 by Aaron Titus, information privacy director of Liberty Coalition, which is a Washington-based policy institute.
Google cleared its caches late Thursday, some 11 months after the information was first put online.