Exposure Statistics*

U. Hawaii Institutional Research Office
Sinclair Annex 2, Room 4
1633 Bachman Place
Honolulu, HI 96822-2301
(808) 956-6000

http://www.uhwo.hawaii.edu/idalert
Discovered: October 6, 2010
Records Exposed: 53,561
Unique Names: 43,021
Sensitivity: Extreme
Duration: Less Than One Year
Distribution: Exposed Online
Files Exposed: 15

Sensitive Information

SSNs: 39,842
Dates of Birth: 41,397

Other Types of Exposed Information

Begin Date
Case Score
Enroll Status
Exam I Score
Exam II Score
Other Dates and Codes
Other Dates and Information
Other Indicators
Student ID
Transfer Date
Transfering College
Unidentified Code
Unidentified Date in December 1994
University
US ID Number

University of Hawaii Manoa Breaches 40,101 Alumni SSNs

FOR IMMEDIATE RELEASE: October 28, 2010 UPDATED: November 20, 2010

Media Contact: Aaron Titus
(202) 681-1686

HONOLULU, Hawaii. The University of Hawaii-Manoa and has breached the personal information of 40,101 students who attended between 1990-1998 and 2001 and West Oahu in the fall of 1994, or who graduated between 1988-1993. The information included names, social security numbers, dates of birth, addresses, demographic, and detailed academic performance data. These UH students are at increased risk of identity theft and fraud. The information was posted on an insecure, unencrypted University of Hawaii-West Oahu (UHWO) website for almost a year. This latest breach follows on the heels of a May, 2010 breach involving 53,000 students, and a 2009 breach involving 15,487 parents and students. You may Download the MP3 of the Liberty Coalition's Nov. 3, 2010 Press Conference.

The vast majority of the breached information was placed online on November 30, 2009 at 2:46pm by a now-retired Institutional Research Office (IRO) faculty member, as a part of a study to figure out why students drop out. The faculty member had intended to use the information to replicate a 15-year-old study, but he retired before completion. He also said he had transferred large amounts of student information to his home computer for easier access. He deleted the remainder of this information after this breach came to light. The University of Hawaii has not commented on whether other faculty members student personal information to their home computers.

The majority of the 40,000+ records are in-depth student statistical data including things like Gender; Marital Status; Number of Dependent Children; Existence of a Physical, Hearing, Mobility, Learning, Psychological, Visual Disability or Traumatic Brain Injury; and Highest Level of Education Attained by each Parent. Three of the other names and SSNs were in a grading sheet from a 2006 PSY 606 class.

The Liberty Coalition discovered the files using a Google search. University officials took the files offline within hours after the Liberty Coalition alerted them, immediately began an internal investigation, and reported the incident to the FBI and local law enforcement. University officials have issued a media release about the breach and mailed letters to the last known addresses of victims.

The Registrar's Office encourages students to report breaches of the Family Educational Rights and Privacy Act to the U.S. Department of Education Family Policy Compliance Office: 400 Maryland Avenue, SW, Washington, DC 20202-4605. PH: (202) 260-3887 or FAX: (202) 260-9001. Students may also ask for a hearing before the Dean of Students by completing FERPA Form 7. Some alumni have started a victim's Facebook Page

Alumni can do the following things:

  1. Get a credit report.
  2. Report unauthorized activity to your financial institutions, the University and to law enforcement.
  3. They may not do it, but request that your information be purged from the university's systems.
  4. Report this breach to the U.S. Family Policy Compliance Office.
  5. Request a hearing before the Dean of Students
  6. Visit the University's Alert
  7. Ask your legislature to hold UH accountable
  8. Demand an independent security audit of all departments and systems.
  9. In addition to names, social security numbers and dates of birth, some or all of the following information was breached for each student:

    • Gender
    • Ethnicity and Native Hawaiian Status
    • Home Language
    • Marital Status
    • Number Of Dependent Children
    • Dependents In Household
    • Existence of a Physical, Hearing, Mobility, Learning, Psychological, Visual Disability or Traumatic Brain Injury
    • Highest Level of Education Attained By Father
    • Highest Level of Education Attained By Mother
    • Citizenship
    • Veteran Status
    • Financial Aid Status for Each Term
    • High School GPA, Rank, and Name
    • Last College(s) Attended
    • Transfer Information
    • SAT Verbal & Math Scores
    • TOEFL Score
    • Detailed Information on GPA and Credit Hours
    • Academic Major and Minor
    • Employment Status While Attending
    • Primary Objective In Attending Manoa
    • Highest Degree Intended
    • Primary Place Of Residence While Attending
    • Primary Source Of Funds For College
    • English Proficiency and Placement
    • Degrees Earned
    • Performance in English, Writing, Math & History
    • Faculty-Staff, Institutional, Military, Pacific-Asian, EWC Grantee, Hawaiian and Appeal Exemption Statuses
    • Hours Employed per Week
    • Housing Status: Off-campus, On-campus, With Family or Relatives
    • Reason for Going to College
    • Sports
    • Aid Received

    Individuals affected by this exposure should immediately visit www.nationalidwatch.org and search for their names, to confirm what types of personal information were exposed. NationalIDWatch.org has a list of recommended steps victims should take.

    About NationalIDWatch.org

    National ID Watch is a search engine for personal information breaches. Sponsored by the Washington, DC non-profit Liberty Coalition, NationalIDWatch.org provides more than a million free personalized Identity Exposure Reports™ as a public service.
    Each Identity Exposure Report (IXR) documents what types of personal information were exposed (such as Social Security Numbers, Birth Dates, Addresses, etc.), without revealing them. Each IXR also details the situation surrounding each exposure, and contact information of those responsible for the breach. Armed with this information, victims can further investigate, take action, or correct harm.

Do Another Search

All Press Releases