Montana State University Exposes 42 Employees' SSNs OnlineFOR IMMEDIATE RELEASE: January 16, 2008
Media Contact: Aaron Titus
On November 1, 2007 the Liberty Coalition discovered an Excel file on the Montana State University Website containing personal information of university employees hired in August, 2006. The file is labeled "New Hire Report Aug 16, 2006," posted by MSU Bozeman Personnel & Payroll Services: 19 Montana Hall, PO Box 172520, Bozeman, MT 59717-2529. The file contains the complete social security numbers, names, street addresses, and hire dates for roughly 42 University of Montana employees. According to the MSU Press release,
"...an independent security analyst [Liberty Coalition] informed university data security staff that an Excel spreadsheet with the names and Social Security numbers of 42 people -- mostly new hires during the summer of 2006 -- was available on the MSU Web site. The spreadsheet was immediately removed."
By posting this information online, Montana State University has put these individuals at extreme risk of identity theft.
University officials removed the file immediately upon notice, and conducted an investigation. However, the university has not released the results of that investigation to the Liberty Coalition.
Individuals affected by this exposure should immediately visit www.nationalidwatch.org and search for their names, to confirm what types of personal information were exposed. NationalIDWatch.org has a list of recommended steps victims should take.
National ID Watch is a search engine for personal information breaches. Sponsored by the Washington, DC non-profit Liberty Coalition, NationalIDWatch.org provides more than a million free personalized Identity Exposure Reports™ as a public service.
Each Identity Exposure Report (IXR) documents what types of personal information were exposed (such as Social Security Numbers, Birth Dates, Addresses, etc.), without revealing them. Each IXR also details the situation surrounding each exposure, and contact information of those responsible for the breach. Armed with this information, victims can further investigate, take action, or correct harm.