Indiana University reports potential data exposure
In February this year, Indiana University notified the Indiana Attorney General’s office of the potential exposure of personal data for some students and recent graduates. The data potentially at risk for disclosure includes names, addresses and Social Security numbers for approximately 1,46,000 students and recent graduates across seven IU campuses who attended the university from 2011 to 2014.
Unlike recent high-profile data breaches, however, no servers or systems were compromised. The information was not downloaded by an unauthorised individual looking for specific sensitive data, but rather was accessed by three automated computer data mining applications, called webcrawlers, used to improve web search capabilities.
Immediately upon discovering the potential issue, IU secured the data, and the university has no evidence that the files have been viewed or used for inappropriate or illegal purposes. As a precaution, however, the university will begin notifying all affected students of the possible data exposure this week.
“IU takes the security of all its data, especially the personal information of its students, extremely seriously and apologises for any concern this issue may cause among our students and their families,” said John Applegate, Executive Vice President for University Academic Affairs. “The university also is committed to assisting those whose information was potentially exposed.”