Indiana University Reports BreachInformation on 146,000 Students Potentially Exposed
Indiana University reports that information on approximately 146,000 students and recent graduates was compromised after the data was accessed by three automated computer data mining applications, known as webcrawlers, used to improve Web search capabilities.
The university notified the Indiana attorney general Feb. 25 about the incident.
Potentially exposed information includes Social Security numbers, names, birthdates, addresses, and enrollment and degree information for students and recent graduates across seven IU campuses who attended the university from 2011 to 2014, the university says in a statement.
"The university has no evidence that the files have been viewed or used for inappropriate or illegal purposes," the statement says.
"IU takes the security of all its data, especially the personal information of its students, extremely seriously and apologizes for any concern this issue may cause among our students and their families," says John Applegate, executive vice president for university academic affairs. "The university also is committed to assisting those whose information was potentially exposed."
Indiana University is notifying individuals affected and has set up a call center to handle questions. An online FAQ posting offers details.
The university at this point isn't offering credit monitoring services. "We have no evidence that anyone's data has been accessed by individuals," a spokesperson says. "This wasn't a targeted attack, but rather a case where data was left unencrypted and was indexed by a webcrawler."
The breach comes a week after an incident at the University of Maryland that potentially exposed 310,000 records (see: Univ. of Maryland Reports Major Breach). That incident was due to a "sophisticated computer security attack," which compromised Social Security numbers and other information, university officials said.