AMES, Iowa. In early December, 2007 Iowa State University posted the names, social security numbers, scores, and grades of 26 former students on its website. The students all appear to have taken the course “ME 325” in the Spring of 2001 from Gloria Starns. The information, along with e-mail addresses has been posted on iastate.edu for six years, since January 10, 2002. Much of the information in the files may be protected by FERPA, and all of it is sensitive. By placing students’ names and social security numbers online, Iowa State University has put these 26 students at severe risk of identity theft and other kinds of fraud.
Paragraph 3.1.2. of the Iowa State University Code of Computer Ethics indicates that Iowa State University does not have a regular policy of searching text and non-text based files on public servers to determine whether they may contain sensitive information. Especially in this instance, where a faculty member accidentally posted sensitive information six years ago and had likely forgotten about the information, the University is in the best position to catch breaches when they occur, before search engines index the files.
Individuals affected by this breach should immediately visit www.ssnbreach.org and search for their names, to confirm what types of personal information were exposed.
About SSNBreach.org
Sponsored by the Washington, DC non-profit Liberty Coalition, SSNBreach.org provides hundreds of thousands of free personalized Identity Exposure Reports™ as a public service.
SSNBreach.org documents the types of information exposed, but does NOT contain sensitive data, such as Social Security Numbers, Birth Dates, Addresses, etc. Consequently, there is no way to search for your SSN or any other type of sensitive data on SSNBreach.org. Once we document the types of exposed information, and the situation surrounding the breach, we include the information in personalized Identity Exposure Reports. This information allows victims to further investigate, take action, or correct harm.