Personal information of 2,100 VCU students exposed online

September 1, 2006

By Gary Robertson

http://www.timesdispatch.com/servlet/Satellite?pagename=RTD%2FMGArticle%2FRTD_BasicArticle
&c=MGArticle&cid=1149190342537&path=!news&s=1045855934842



Human error caused the names, Social Security numbers and e-mail addresses of about 2,100 current and former Virginia Commonwealth University students to be available online for eight months, the school says.

VCU announced yesterday that it is contacting affected students, but there is no indication that their information has been viewed or used.

According to VCU, the personal information of freshmen and graduate engineering students from the fall semester of 1998 through 2005 was unintentionally placed in a folder available on the Internet.

VCU said the problem was discovered Tuesday by a student who Googled her name and found personal information. The data became exposed in January when files on a School of Engineering server were moved to an insecure folder.

The security breach prompted VCU to remove the files and information from the insecure folder and erase the record of those files, which is stored on search engines such as Google and Yahoo.

The university says it has been taking steps to strengthen the security of confidential information. A central step has been to replace Social Security numbers with a unique student number.

More information about the problem is available at www.ts.vcu.edu/security/id_exposure.html.

In an unrelated incident, a VCU graduate is awaiting trial on charges that he hacked into computers at the university in 2005 and stole hundreds of ID, bank account and Social Security numbers.

George Nkansah Owusu is to be tried in U.S. District Court in Richmond next month. If he is convicted on all counts, he faces a maximum sentence of 30 years.


main page ATTRITION feedback