FORT COLLINS, Colorado. On November 15, 2007, the Liberty Coalition discovered four files containing sensitive personal student information for 300 Colorado State University students on the Warner College of Natural Resources website. The files include 208 social security numbers, usernames, passwords (derived from the social security number), and other information. The affected individuals all appear to be former College of Natural Resources students.
The files were created between 2000 and 2004, and according to meta properties contained in the Excel file, they were last saved by “Ingrid Burke” or “Craig Spooner.” One of the files seems to have originated with “Mark Gathany” of Ohio University. Students affected by this breach may be at extreme risk of identity theft.
University officials immediately responded, taking down the file and working to get search engine caches cleared. Scott Baily, Associate Director of Academic Computing & Networking Services explained,
“Colorado State University takes personal privacy very seriously, and has policies against maintaining unencrypted files containing sensitive information. Indeed, last year we undertook a campus-wide SSN purge activity, where University-owned computers were scanned in an attempt to remove all files containing sensitive information…. I have contacted Yahoo, the only search engine that we can confirm had these files in their cache…. A total of 114 unique SSNs are involved. CSU has initiated a course of action to notify the affected parties to the extent possible.”
You can confirm whether you were affected by this breach by searching for your name at www.ssnbreach.org.
About SSNBreach.org
SSNBreach.org is a free online directory of victims of personal information breach, that tells you whether your personal information has been exposed.
SSNBreach.org does NOT contain sensitive data, such as Social Security Numbers (SSN), Birth Dates, Addresses, and the like. Consequently, there is no way to search for your SSN or any other type of sensitive data on SSNBreach.org. Instead of storing sensitive information, we document what information was exposed, and the situation surrounding the breach. This information allows victims to further investigate, take action, or correct any harm from the exposure.