Auburn University is notifying more than 364,000 current, former and prospective students – as well as applicants who never enrolled in or attended the university – that their personal information was inadvertently accessible via the internet.
How many victims? 364,012.
What type of personal information? The information varied depending on the individual, but included names, addresses, dates of birth, Social Security numbers, email addresses and academic information.
What happened? The personal information of current, former and prospective Auburn University students – as well as applicants who never enrolled in or attended the university – was inadvertently accessible via the internet.
What was the response? Auburn University secured its system and launched an investigation, which is ongoing. The university is conducting a review of its data storage practices and policies. All potentially impacted individuals are being notified, and offered two free years of credit monitoring and identity protection services, as well as lifetime access to fraud resolution services.
Details: Auburn University became aware of the issue on March 2. The information was accessible via the internet between September 2014 and March 2. Auburn University is unaware of any attempted or actual misuse of any personal information as a result of the incident.
Quote: “The exposure resulted from configuration issues with a new device installed to replace a broken server,” according to a notification posted to the Auburn University website.
Source: ocm.auburn.edu, “Data Security Incident Information,” April 3, 2015; ocm.auburn.edu, “Frequently Asked Questions,” April 3, 2015.