University leaves student data exposed for 11 months

The names, addresses, and Social Security numbers of 146,000 students and recent graduates of Indiana University (IU) may have been exposed after the data was kept in an insecure location for nearly a year.

indiana-university-data-breach“This is not a case of a targeted attempt to obtain data for illegal purposes, and we believe the chance of sensitive data falling into the wrong hands as a result of this situation is remote,” said James Kennedy, associate vice president for financial aid and university student services and systems at IU, in an announcement.

The data breach was found last week by an employee in the university’s registrar’s office.

The data, which concerns students who attended the university’s seven campuses between 2011 and 2014, was not accessed by any “unauthorized individual looking for specific sensitive data,” the university said.

It was, however, accessed by three data mining internet bots, called webcrawlers, used for web indexing on the search engines Google, Scirus, and Baidu.

IU moved the data to a secure location and notified the state’s attorney general. Students and graduates were alerted of the issue late Tuesday.

Do you have a cloudy view of today’s data centers?

People whose data was accessed by the webcrawlers will be notified this week.

The university launched a website offering information on how to monitor credit accounts, and it will also establish a call center by Friday to field questions from anyone whose data was exposed.

Some students and graduates expressed frustration that IU waited until this week to alert students of the breach.

“Let me get this straight,” one recent graduate wrote on Facebook Tuesday. “IU goes crazy with notifications any time there is severe weather or any sort of crime on campus, but has yet to notify students that over 140,000 files including SSNs were breached?”

Latest posts by Jake New (see all)