University of Florida Exposes 415 Student Social Security Numbers OnlineFOR IMMEDIATE RELEASE: November 19, 2007
Media Contact: Aaron Titus
GAINESVILLE, Florida. On November 15, 2007, the Liberty Coalition discovered 14 separate files on the University of Florida Computing and Networking Services (CNS) website containing sensitive information for 534 former University of Florida students, including 415 social security numbers. All affected individuals appear to be former students of Richard A. Elnicki, D.B.A., Professor Emeritus in ISM 4220 and 4330 between 1998 and 2001.
The University of Florida Office of Information Technology, Computer Networking Services, and the FBI were notified of the breach. The files were taken down immediately by University officials, and they took steps to ensure that major search engines cleared their caches of the sensitive information.
The files were posted on an online file server that requires a password to upload files, even though the public can download the files without a password. Although the Liberty Coalition was unable to contact Professor Elnicki directly, past experience has shown that university faculty occasionally mistakenly believe that files uploaded to these types of servers are secure, or at least not available to the public.
The server indicated that many of the files had been online since 1998. Considering the files have gone undetected for up to nine years, even though they apparently sit on a CNS server, the University of Florida's failure to detect these files seems especially shocking. Students affected by this breach are at severe risk of identity theft.
Individuals affected by this exposure should immediately visit www.nationalidwatch.org and search for their names, to confirm what types of personal information were exposed. NationalIDWatch.org has a list of recommended steps victims should take.
National ID Watch is a search engine for personal information breaches. Sponsored by the Washington, DC non-profit Liberty Coalition, NationalIDWatch.org provides more than a million free personalized Identity Exposure Reports™ as a public service.
Each Identity Exposure Report (IXR) documents what types of personal information were exposed (such as Social Security Numbers, Birth Dates, Addresses, etc.), without revealing them. Each IXR also details the situation surrounding each exposure, and contact information of those responsible for the breach. Armed with this information, victims can further investigate, take action, or correct harm.