On September 9, 2007 the Liberty Coalition discovered two Excel files on a University of Tennessee, Martin website containing personal information for 240 former high school students who are now between 18-21 years old. The file with the most sensitive information contains 41 names, Social Security Numbers, addresses, high schools, and age, sex, race, and other personal information for 2004 Tennessee Governor’s School for the Agriculture Sciences applicants. The Governor’s school is a summer program for gifted and talented high school students. The files, online since at least September 2006, expose information protected by FERPA and also put these students at severe risk of identity theft. The exposure was reported to the FBI.
In addition, the online folder contained large quantities of potentially sensitive or protected academic information, such as writing samples, student applications, academic competition scores, and the like. Some files appear to have been posted for a year or more.
According to the official University of Tennessee at Martin Press Release,
“The information was posted accidentally by a UT Martin faculty member, who had backed up files to a publicly accessible server. The 41 applicants are being notified initially by telephone and e-mail and will be contacted again by letter. Additionally, the names and academic information for fewer than 100 university students were posted to the link; Social Security numbers were not associated with these names. These students, who were enrolled in agriculture and natural resources classes, are being contacted and advised of the situation.
“…For questions about the 41 Governor’s School for the Agricultural Sciences applicants, call Dr. Jerry Gresham, 731-881-7262; and for UT Martin students who have questions about the accidental release of academic information, call the Office of Academic Records, 731-881-3050.”
The files were inadvertently posted by Timothy N. Burcham, P.E., Ph.D., Master of Science in Agricultural Operations Management Graduate Coordinator, as an effort to back up a computer. Because the online file system at UTM required a password, the faculty member mistakenly believed that the files were not available to the public.
The university acted quickly (after business hours) to remove the files once they were notified, and the University was able to successfully clear several major search engine caches. UT IT staff is or was in the process of identifying 12 separate IP addresses that accessed the sensitive information, including one Chinese IP address. Tennessee does have a breach notification law in the instance of Social Security Numbers, and to their credit, they have decided to notify individuals whose grades or scores have been exposed, even though they’re not required to do so by law.
Individuals who applied for the 2004 Tennessee Governor’s School for the Agricultural Sciences, from the following high schools may be at special risk of identity theft, and should search for their names at ssnbreach.org right away, to find out whether they were affected:
- Adamsville High School
- Big Sandy High School
- Blackman High School
- Bledsoe County
- Bolivar Central High School
- Bolton High School
- Brentwood High School
- Brighton High School
- Bruceton Central High School
- Camden Central High School
- Chatt Arts/Sci
- Collierville High School
- Columbia Central High School
- Columbia Central High School
- Cornersville High School
- Covington High School
- Craigmont High School
- Creek Wood High School
- Crockett County High School
- Culleoka High School
- Culleoka High School
- Davidson Academy
- Dickson County High School
- Dresden High School
- Dyer County High School
- Dyersburg High School
- Fairview High School
- Forrest High School
- Franklin County
- Fred J. Page High School
- Gallatin High School
- Germantown High School
- Gibson County High School
- Gordonsville High School
- Greenfield High School
- Halls High School
- Hardin County High School
- Harpeth High School
- Haywood County High School
- Hendersonville High School
- Henry County High School
- Hermitage Springs High School
- Hillsboro High School
- Huntingdon High School
- Kenwood High School
- Lawrence County High School
- Lewis County High School
- Liberty Tech Magnet HS
- Madison Academic Magnet HS
- Marshall County High School
- McEwen High School
- McKenzie High School
- McMinn Central High School
- McNairy County Central H.S.
- Montgomery Central High School
- Morristown-Hamblen
- Mt Pleasant High School
- Munford High School
- Nashville Christian High School
- North Side High School Jackson
- Northwest High Clarksville
- Oak Ridge High School
- Obion County Central High School
- Ooltewah High School
- Peabody High School
- Polk County High School
- Ripley High School
- Riverside High School
- Rossville Academy
- Santa Fe High School
- Science Hill High School
- Siegel High School
- South Fulton High School
- South Haven Christian School
- Spring Hill High School
- St. Andrews-Sewanee School
- Stewart County High School
- Tipton-Rosemark Academy
- Union City High School
- Upperman High School
- Wayne County High School
- Webb School High School
- West Carroll High School
- Westminster Acad.
- Westview High School
- White House High School
- White Station High School
- Wilson Central High School
- Zion Christian Academy
You can confirm whether you were affected by this breach by searching for your name at www.ssnbreach.org.
Source: www.ssnbreach.org.
About SSNBreach.org
SSNBreach.org is a free online directory of victims of personal information breach, that tells you whether your personal information has been exposed.
SSNBreach.org does NOT contain sensitive data, such as Social Security Numbers (SSN), Birth Dates, Addresses, and the like. Consequently, there is no way to search for your SSN or any other type of sensitive data on SSNBreach.org. Instead of storing sensitive information, we document what information was exposed, and the situation surrounding the breach. This information allows victims to further investigate, take action, or correct any harm from the exposure.