Colorado State Exposes Student Info Online... Again.FOR IMMEDIATE RELEASE: May 14, 2008
Media Contact: Aaron Titus
FORT COLLINS, Colorado. In a student personal information breach almost identical to their January 2008 exposure, the Colorado State University Warner College of Natural Resources posted the names and social security numbers of 204 students online. The files were posted on the same online server, in the same sub-directory, in files of the same type, and affected students of the same faculty member as the breach several months ago. The university removed the files within one hour of notification, and worked with search engines to remove the data from their caches, and will be notifying affected individuals within the next few days.
In all, the online files contained 625 unique names, and more than 200 social security numbers and passwords. All of the affected individuals appear to be former students of Indy Burke.
In an e-mail to the Liberty Coalition, a University official explained that,
"Colorado State University takes personal privacy very seriously, and has policies against maintaining unencrypted files containing sensitive information. ... The web server [in question] was scanned in January , at which time it was confirmed to be free of files containing personally identifiable information. The files ... were placed on the server subsequent to that scan.Students whose social security numbers have been posted online are at severe risk of identity theft.
"The College is implementing a plan to regularly scan its web sites for personally identifiable information as a result of the latest breach, and the University is advancing its awareness and educational campaigns to stress the importance of protecting sensitive information.
"The University will be notifying the individuals whose identities were potentially exposed in the next few days."
Individuals affected by this exposure should immediately visit www.nationalidwatch.org and search for their names, to confirm what types of personal information were exposed. NationalIDWatch.org has a list of recommended steps victims should take.
National ID Watch is a search engine for personal information breaches. Sponsored by the Washington, DC non-profit Liberty Coalition, NationalIDWatch.org provides more than a million free personalized Identity Exposure Reports™ as a public service.
Each Identity Exposure Report (IXR) documents what types of personal information were exposed (such as Social Security Numbers, Birth Dates, Addresses, etc.), without revealing them. Each IXR also details the situation surrounding each exposure, and contact information of those responsible for the breach. Armed with this information, victims can further investigate, take action, or correct harm.