Data Security Lapse Exposes Info of 7,500 UMW Students

Social security numbers, other info found accessible on campus network.

A lapse in information security procedures at the University of Mary Washington left personal information of more than 7,500 students exposed on an internal university computer network. 

A data file containing sensitive information, such as student names, social security numbers and dates of birth, was accidentally posted to a university department site on the EagleNet intranet, a network accessible only to those with UMW email accounts. Despite the vulnerability of the data file, network logs show that the files were only accessed by three students innocently searching for their own information, say university officials.

UMW alerted faculty, staff and students of the security lapse in messages as early as June 3, nine days after the data file was discovered. Staff at the university public affairs office are declining to identify the department or individual responsible for posting the data file. 

"It's immaterial who posted this particular information," said George Farrar, director of communications at UMW. "We want everyone to take notice that it's everyone's responsibility to maintain the proper degree of access to that type of information."

A memo to faculty and staff sent in the wake of the data security lapse asked employees to review the school's information security policies

Farrar says that the snafu was discovered on May 23 by a student who was searching for his own information on EagleNet. The data file contained information for a total of 7,566 students. In addition to sensitive identity information the data file also contained directory information for internal use within the university administration. Farrar did not have on hand information about how long the data files were exposed. 

"The student proactively and responsibly reported this fact to university officials and immediate steps were taken to prevent further access to this information and to remove the files from the departmental EagleNet site," read a memo to faculty and staff on the incident. 

University staff spoke with the three students who had accessed the files and determined that the students had no malicious intent and the information wasn't used for identity theft. 

Despite this, a memo sent to students provided contact information for the three major credit bureaus so that students could review their credit histories. 

Katherine Arens June 08, 2011 at 09:57 PM
No the first time UMW has slipped and allowed access to personal data. UMW can not 'fix' what's been done, but can offer one free year of a credit watch program to all those affected by the slip up. It's unacceptable. If you cannot keep the information secure, don't require it.


More »
Got a question? Something on your mind? Talk to your community, directly.
Note Article
Just a short thought to get the word out quickly about anything in your neighborhood.
Share something with your neighbors.What's on your mind?What's on your mind?Make an announcement, speak your mind, or sell somethingPost something
See more »