University Of Hawaii Data Breach Exposes 40,000 Student Records

The University of Hawaii at Manoa suffered a major data breach that exposed the confidential records of more than 40,000 former students.

Altogether, the breach exposed the Social Security numbers, grades, birth dates and other personally identifying information belonging to the University's former students.

The exposed student information was posted online for more than a year before being taken down this week. The Liberty Coalition, a Washington D.C.-based nonprofit organization, first notified university officials regarding the breach on Oct. 18, prompting the school subsequently to remove the files and disconnect the affected server from the network.

The data breach was traced to a faculty member, who accidentally uploaded the files that contained personal student records to an unencrypted Web server Nov. 30, 2009. The files contained such sensitive information as names, academic performance, disabilities and other information for 40,101 students who attended the university between 1990 and 1998 and also in 2001.

Sponsored post

In addition, students who attended UH's West Oahu campus during the fall of 1994 or graduated between 1998 and 1993 also may have been affected.

Next: Breach Investigation Underway

University officials apologized for the incident, maintaining that they had no reason to suspect that the faculty member acted maliciously. The faculty member, who retired from the UH West Oahu campus in June, had been conducting a study of the success rates of students attending the Manoa campus from 1990 to 1998 and in 2001, and was unaware he was uploading the information to an unprotected server, officials said.

Both the Federal Bureau of Investigation and the Honolulu Police Department have been notified and have embarked on an investigation of the incident. Meanwhile, the university is notifying affected individuals via e-mail and letters, and set up a call center and Website to convey information about the breach and answer questions.

The school also advised potentially affected individuals to obtain a credit report and review financial statements for suspicious activity. University officials claim there was no evidence that anyone's information was used for identity theft or other nefarious purposes.

The breach is the second in less than six months affecting the UH system. Another breach, occurring this summer, involved the personal information of 53,000 people, including 40,000 Social Security numbers, connected to the Manoa parking office. In addition, a third breach, which occurred last year, compromised the financial aid information of more than 15,000 students residing on an infected computer at Kapiolani Community College.

To prevent a future occurrence of yet another breach, UH officials said that the system as a whole is taking a more proactive stance to beef up security measures.