Virginia Tech Profs Post 128 SSNs OnlineFOR IMMEDIATE RELEASE: July 21, 2008
Media Contact: Aaron Titus
BLACKSBURG, Virginia. In a breach of personal student information almost identical to the one reported in September 2007, professors "erclark1" and "shugart" posted personal information for 250 students on Virginia Tech servers, including 128 social security numbers and 111 partial social security numbers. The files were discovered and deleted in December 2007, but the Liberty Coalition waited several months before announcing the breach, to make sure search engine caches cleared. The breached files were created in September 2000 and Spring of 1998, and could not have been posted before that time.
The first file, survey00A.xls was created September 4, 2000 by "dixie" in the "Virginia Tech- Ag Econ" department, and last saved by "Erica Clark." The file appears to be a classroom study that measured student participation in class and student organizations, hours worked, educational goals, and academic interest areas.
The second file, gradesvsattendance.xls, was a grading sheet for Math 2224-5417, in Spring 1998. It includes Test Scores, Attendance, and Quiz Scores.
This breach falls within a common national pattern where university faculty make wholesale backups of old student information, much of which was created when universities used social security numbers as student IDs. Virginia Tech should conduct ongoing scans of both text and non-text files in their possession to root out sensitive personal information before it is indexed by major search engines.
Individuals affected by this exposure should immediately visit www.nationalidwatch.org and search for their names, to confirm what types of personal information were exposed. NationalIDWatch.org has a list of recommended steps victims should take.
National ID Watch is a search engine for personal information breaches. Sponsored by the Washington, DC non-profit Liberty Coalition, NationalIDWatch.org provides more than a million free personalized Identity Exposure Reports™ as a public service.
Each Identity Exposure Report (IXR) documents what types of personal information were exposed (such as Social Security Numbers, Birth Dates, Addresses, etc.), without revealing them. Each IXR also details the situation surrounding each exposure, and contact information of those responsible for the breach. Armed with this information, victims can further investigate, take action, or correct harm.