The University of Kentucky is notifying about 1,300 current and former employees that some of their personal information, including Social Security numbers, was created in March 2005 and inadvertently became accessible to the public May 8, 2006 creating the potential for identity theft.
The UK General Counsel's Office sent out a memo Wednesday to the affected people, referring to the matter as a "sensitive issue" involving the "compromise of data."
However, UK spokesman Jay Blanton said today that: "We don't know that the information of anyone has been compromised."
Blanton said the information had been "inadvertently" available to the public since last month and the site had received 41 hits.
He said UK does not know whether that meant that 41 people had accessed the information, which was on an Excel spreadsheet in a folder file that was on a Web server that could be accessed by the public "only if you entered a name on the search engine."
The information included names of the current and former employees and, most crucially, their Social Security numbers. The information also included their departments, department phone numbers and other items.
Blanton said UK learned about the problem Friday and immediately corrected it.
UK urged the affected people to check their bank and credit card statements "for any suspicious and/or unauthorized activity."
The university further urged those people to request copies of their credit reports and suggested they place a temporary "fraud alert on their credit cards."
The details on how to take these steps were outlined in the memo, which is published in full on Kentucky.com.
In the memo, UK said: "This is a regrettable incident, and he university considers any breach of privacy and confidentiality a serious matter."
UK said that the installation of a major new computer system currently under way would be "further reducing the likelihood of such a problem in the future."
[an error occurred while processing this directive]