GAINESVILLE, Florida. On November 15, 2007, the Liberty Coalition discovered 14 separate files on the University of Florida Computing and Networking Services (CNS) website containing sensitive information for 534 former University of Florida students, including 415 social security numbers. All affected individuals appear to be former students of Richard A. Elnicki, D.B.A., Professor Emeritus in ISM 4220 and 4220 between 1998 and 2001.
The University of Florida Office of Information Technology, Computer Networking Services, and the FBI were notified of the breach. The files were taken down immediately by University officials, and they took steps to ensure that major search engines cleared their caches of the sensitive information.
The files were posted on an online file server that requires a password to upload files, even though the public can download the files without a password. Although the Liberty Coalition was unable to contact Professor Elnicki directly, past experience has shown that university faculty occasionally mistakenly believe that files uploaded to these types of servers are secure, or at least not available to the public.
The server indicated that many of the files had been online since 1998. Considering the files have gone undetected for up to nine years, even though they apparently sit on a CNS server, the University of Florida’s failure to detect these files seems especially shocking. Students affected by this breach are at severe risk of identity theft.
You can confirm whether you were affected by this breach by searching for your name at www.ssnbreach.org.
Source: www.ssnbreach.org.