In early November, 2007, the Liberty Coalition discovered 31 separate files containing sensitive information for 333 students who took math courses from Associate Professor Vakhtang Putkaradze between Fall 2001 and Fall 2004 at the University of New Mexico. The files appear to contain full names, 177 partial social security numbers, 190 e-mail addresses, and grades for all 333 students. The last four digits of a person’s Social Security Number is used by businesses to extend credit, and may be used by some financial institutions as a password or identifier. By placing this information online, the University of New Mexico has put these students at an elevated risk of identity theft. In addition, much of the exposed information may be protected by FERPA or other applicable laws.
Information provided publicly by the University of New Mexico’s server indicates that the files have been online since as early as 2001.
UNM immediately deleted the files in question, but some remained available in search engine caches into December, 2007. According to one University of New Mexico official, the university is attempting to contact the affected students, most of whom are no longer at UNM.
University of New Mexico recently activated Google indexing for the campus website, making UNM pages more visible than they once were. The UNM official explained,
“We have notified the departmental IT staffs and asked them to take a careful look at their public data…. We do include a discussion of sensitive data in all new faculty orientations at UNM; however, this material was apparently not added to the new faculty orientation until after Professor Putkaradze arrived on campus. We are reviewing this material and ways to ensure that all faculty at UNM are aware of their obligations to protect student data. UNM takes the protection of private student data very seriously. As much as I would prefer that we did not have incidents like this, I am very grateful that you alerted me to this problem.”
You can confirm whether you were affected by this breach by searching for your name at www.ssnbreach.org.
Source: www.ssnbreach.org.