TRENDING:

Univ. of Tampa Breach Affects 30,000

Social Security Numbers Exposed Jeffrey Roman (gen_sec) • March 23, 2012    
Univ. of Tampa Breach Affects 30,000

A server management error caused a data breach at the University of Tampa that affected nearly 30,000 students.

See Also: Why Active Directory (AD) Protection Matters

In a statement posted to its website, the university explains that a text file was exposed via the university's website from July 12, 2011 through March 13, 2012. Also, two databases on the university's internal servers were potentially accessible through the school's network, but were not indexed by Google or any other search engine.

The university's office of information technology was informed about the first exposed text file on March 13, after the compromised file was discovered during an in-class exercise using the university's lab computers. The file contained 6,818 records of students who were enrolled for the fall 2011 semester by July 12, 2011. Information contained in the file included name, university identification number, Social Security number and date of birth.

So far, there's no evidence the text file has been used maliciously, the university says. The text file had also been cached by Google in its search engine and was quickly removed; Google verified the removal once it was completed.

The university later learned during its investigation that two databases containing information on 22,722 students also were exposed. The databases contained student names, university identification numbers, Social Security numbers and photographs.

Upon investigating associated logs for the databases, the IT department learned that one student accessed the database files on March 13, who, along with another student, made the initial report to the university about the exposed files.

"Those students met promptly with university representatives and allowed IT staff to search the computer and storage device to ensure the database files were eliminated. Based on our investigation to date, UT administrators believe there is no risk to students and employees in these two database files," the statement explains.

Breach Response

The university is notifying only the 6,818 students whose information was cached in the Google search engine, and is offering to pay for credit monitoring services for those who choose to enroll. The statement did not indicate for how long the credit monitoring service would be paid.

In a letter to alumni, the university stated, "Based on our investigation to date, UT administrators believe there is no risk to former students and employees in these two database files. The data breach only impacts students enrolled for Fall 2011 by July 12, 2011."

An investigation into the incident is ongoing, and the university will review its current information security policies and practices, according to the statement. The university also is evaluating a third-party proposal to review information technology security and procedures.

Previous
Key Components of a Social Media Policy
Next
Healthcare Breach Tally: 409 Incidents

About the Author

Jeffrey Roman

Jeffrey Roman

News Writer, ISMG

Roman is the former News Writer for Information Security Media Group. Having worked for multiple publications at The College of New Jersey, including the College's newspaper "The Signal" and alumni magazine, Roman has experience in journalism, copy editing and communications.



Around the Network

Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A
Why Health Firms Struggle with Cybersecurity Frameworks
Why Health Firms Struggle with Cybersecurity Frameworks
Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats
How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity
Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear
Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack
Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations
Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.