University of New Mexico Breach Affects 333 Former StudentsFOR IMMEDIATE RELEASE: December 7, 2007
Media Contact: Aaron Titus
ALBUQUERQUE, New Mexico. In early November, 2007, the Liberty Coalition discovered 31 separate files containing sensitive information for 333 students who took math courses from Associate Professor Vakhtang Putkaradze between Fall 2001 and Fall 2004 at the University of New Mexico. The files appear to contain full names, 177 partial social security numbers, 190 e-mail addresses, and grades for all 333 students. The last four digits of a person's Social Security Number is used by businesses to extend credit, and may be used by some financial institutions as a password or identifier. By placing this information online, the University of New Mexico has put these students at an elevated risk of identity theft. In addition, much of the exposed information may be protected by FERPA or other applicable laws.
Information provided publicly by the University of New Mexico's server indicates that the files have been online since as early as 2001.
UNM immediately deleted the files in question, but some remained available in search engine caches into December, 2007. According to one University of New Mexico official, the university is attempting to contact the affected students, most of whom are no longer at UNM.
University of New Mexico recently activated Google indexing for the campus website, making UNM pages more visible than they once were. The UNM official explained,
"We have notified the departmental IT staffs and asked them to take a careful look at their public data.... We do include a discussion of sensitive data in all new faculty orientations at UNM; however, this material was apparently not added to the new faculty orientation until after Professor Putkaradze arrived on campus. We are reviewing this material and ways to ensure that all faculty at UNM are aware of their obligations to protect student data. UNM takes the protection of private student data very seriously. As much as I would prefer that we did not have incidents like this, I am very grateful that you alerted me to this problem."
Individuals affected by this exposure should immediately visit www.nationalidwatch.org and search for their names, to confirm what types of personal information were exposed. NationalIDWatch.org has a list of recommended steps victims should take.
National ID Watch is a search engine for personal information breaches. Sponsored by the Washington, DC non-profit Liberty Coalition, NationalIDWatch.org provides more than a million free personalized Identity Exposure Reports™ as a public service.
Each Identity Exposure Report (IXR) documents what types of personal information were exposed (such as Social Security Numbers, Birth Dates, Addresses, etc.), without revealing them. Each IXR also details the situation surrounding each exposure, and contact information of those responsible for the breach. Armed with this information, victims can further investigate, take action, or correct harm.