Server Error Exposes Thousands of University of Tampa Students
A server breach at the University of Tampa went undiscovered for nine months, putting the confidential personal information of thousands of students, including their Social Security numbers, at risk and possibly exposing faculty and staff members as well.
In a March 19 statement posted on the school's website, the University of Tampa explained that due to a "server management error" last July, a file containing records of 6,818 fall 2011 students had been made publicly accessible and indexed by Google. The file, which was viewable until its discovery, included each student's name, date of birth, campus identification card number and Social Security number.
The breach was discovered by two students March 13 during an in-class lesson on advanced search techniques.
A university spokesperson told SecurityNewsDaily the investigation into the incident is ongoing.
The university determined that the server error also may have exposed two more files hosting the same sensitive data, as well as photos, of an additional 22,722 students, faculty and staff members. These files, the university stressed, were not indexed by Google and had been viewed only by the two students who reported the breach.
"We believe, therefore, there is minimal or no risk to students and employees in these two files," the university said.
It is possible that an attacker could leverage the information found on these servers to commit identity theft and credit card fraud, the university warned, but the files contained no financial information.
All three compromised files are no longer publicly accessible or searchable, and the university said its staff analyzed its lab computers to make sure the data were not stored on the computer or the school network.