Wright State University Prof Posts 395 Grades, 38 Partial SSNs OnlineFOR IMMEDIATE RELEASE: March 21, 2008
Media Contact: Aaron Titus
DAYTON, Ohio. The Wright State University Computer Sciences Department has posted the names and last five digits of 38 students' social security numbers on their website. All of the students affected seem to be former students of Dr. Junghsen Lieh, Ph.D. who took Materials Engineering courses between 1997 and 2005. In addition to the partial social security numbers, the individual scores and grades for roughly 395 students are also posted online for more than a year.
According to Dr. Lieh, the files were made during a large backup a corrupted and damaged PC in March 2006, though many of the files are considerably older than that. This breach falls within a common national pattern of faculty who use online university servers to back up files, some of which may be sensitive in nature. The Liberty Coalition notified Dr. Lieh, the Wright State University General Counsel on January 1, 2008. Though the files were deleted from the server within 24 hours after notification, copies remained available through Yahoo's search engine cache until late March, 2008.
Much of the information exposed in this incident may be protected by FERPA. In addition, the last four or five digits of the social security number are used by some financial institutions and businesses to extend credit, or as passwords.
Individuals affected by this exposure should immediately visit www.nationalidwatch.org and search for their names, to confirm what types of personal information were exposed. NationalIDWatch.org has a list of recommended steps victims should take.
National ID Watch is a search engine for personal information breaches. Sponsored by the Washington, DC non-profit Liberty Coalition, NationalIDWatch.org provides more than a million free personalized Identity Exposure Reports™ as a public service.
Each Identity Exposure Report (IXR) documents what types of personal information were exposed (such as Social Security Numbers, Birth Dates, Addresses, etc.), without revealing them. Each IXR also details the situation surrounding each exposure, and contact information of those responsible for the breach. Armed with this information, victims can further investigate, take action, or correct harm.