University posts info of 40K students

“During that time, theoretically, anybody with an Internet connection could have had access to it. How likely that is … is anybody’s guess,” said Titus, who discovered the files under a Google search.

Titus said the university’s statement that it has no evidence that the personal information was used maliciously was somewhat misleading.

“Of course they don’t have any evidence of misuse, because the bad guys wouldn’t tell them if they had,” Titus said.

UH President M.R.C. Greenwood has discussed the issue with all the chancellors in the 10-campus system, emphasizing the policy regarding security and protection of sensitive information.

UH has setup a call center and website for individuals who may have been affected. Those who might be affected by the breach were advised to obtain a credit report and to review financial statements to look for unusual activities.

The university system’s other major breaches include this summer’s incident involving the personal information of 53,000 people — including 40,000 Social Security numbers — who had business with the Manoa parking office.

Last year, more than 15,000 students at Kapiolani Community College were warned after an infected computer compromised their information on financial aid applications.

“There is absolutely no way that we can say this will never happen again, but we are taking every step that’s possible to make sure it doesn’t happen,” which includes upgrading security systems and additional training, Shelton said.

Titus said the university could’ve caught the latest mishap much earlier and quickly blocked any access if it regularly scanned its server for personal information, which takes software that’s readily available.

“That wheel has been invented at low cost,” Titus said.

"(Required)" indicates required fields