UT students' private data posted on the 'Net

October 29, 2005

http://tennessean.com/apps/pbcs.dll/article?AID=/20051029/NEWS01/510290327/1006/NEWS01



The University of Tennessee notified about 1,900 students and employees yesterday that their names and Social Security numbers inadvertently were posted on the Internet.

"We have absolutely no indication that there has been any malicious activity," said Brice Bible, UT's acting chief information officer. "What we are doing is reporting to the individuals that (the problem) potentially existed."

A University of Tennessee student made the discovery about two weeks ago when she searched the Internet for her name and found it listed with her Social Security number on a UT e-mail discussion group site.

"I shut it down immediately," Bible said of the site, which had been operating since spring 2004.

The names were contained in the archive of a group of about 10 employees in the bursar's office and the IT office who had been computer conferencing. They had been exchanging information on individuals who had either paid or owed small amounts of money to the university.

The group's address coding, or listserv, was improperly configured. Instead of the archive being private, it was coded public.

The Identity Theft Resource Center, a nonprofit advocacy organization in San Diego, said 110 identity information breaches have been reported to the center this year -- almost 60% of them at educational institutions.

[an error occurred while processing this directive]