University of Nebraska-Lincoln Prof Posts Students' SSNs Online
FOR IMMEDIATE RELEASE: May 21, 2008
Media Contact: Aaron Titus
LINCOLN, Nebraska. A University of Nebraska-Lincoln Math professor posted personal information for roughly 300 students, including what appear to be 46 Social Security Numbers and 141 Partial Social Security Numbers, on the Math Department's web server. The information appears to belong to current and former students of Steve Dunbar. Most of the sensitive information is stored in Excel files that also contain student grades, scores, enrolled status, and other educational information.
The 19+ files containing sensitive personal information were discovered in mid-January, 2008, and most appear to have been online for more than a year. The university deleted the files within 24 hours of notification, but cached versions of the files remained available through major search engines through mid-May, 2008. UNL officials have not indicated whether they have complied with Nebraska state law in notifying affected individuals "as soon as possible and without unreasonable delay" (Neb. Rev. Stat. §87-803(1)).
The Liberty Coalition pointed UNL officials to an ID Theft Prevention Presentation on the university's own website, which explains exactly what to do in case of identity theft or breach: "1. Try to prevent it from happening. 2. Discover it quickly if it does happen. 3. Report it if it happens." Based on this university policy, we hope that UNL has notified affected students. The same presentation also details other precautions university faculty should take, many of which would have prevented this breach. They include "Restrict[ing] physical access to data," "Secur[ing] departmental servers," "...paying close and continuous attention," "Handle [Social Security Numbers] with Care," and encryption.
By placing this information online, the University of Nebraska-Lincoln has put these students at elevated risk of identity theft.
Individuals affected by this exposure should immediately visit www.nationalidwatch.org and search for their names, to confirm what types of personal information were exposed. NationalIDWatch.org has a list of recommended steps victims should take.
National ID Watch is a search engine for personal information breaches. Sponsored by the Washington, DC non-profit Liberty Coalition, NationalIDWatch.org provides more than a million free personalized Identity Exposure Reports™ as a public service.
Each Identity Exposure Report (IXR) documents what types of personal information were exposed (such as Social Security Numbers, Birth Dates, Addresses, etc.), without revealing them. Each IXR also details the situation surrounding each exposure, and contact information of those responsible for the breach. Armed with this information, victims can further investigate, take action, or correct harm.