Old Dominion University informed 601 students Tuesday that their names and Social Security numbers had inadvertently been placed on a university Web server nearly two years ago.
Jennifer Mullen, a university spokeswoman, said an instructor "copied and pasted a class roster to a Web site which she could access." Mullen said ODU officials think it was not deliberate.
The instructor is believed to have been a graduate student, Mullen said, but officials are still investigating. They do not know if she is still at the university.
The information was posted during the spring semester of 2004. It was removed Friday, when the university was alerted, Mullen said.
It took so long, she said, because the data was on a "secondary server. It was not anything that was easily accessible on the Web, but it was on the Web, nevertheless."
ODU does not know whether the personal information was used illegally, Mullen said.
The registered letters to the students, who had been enrolled in a large introductory lecture, provided the names and Web sites of organizations to check whether they had been the victims of identity theft. The university's computer office also will help the students, Mullen said.
ODU's president, Roseann Runte, sent an e-mail to faculty and staff members Tuesday to alert them about the matter and caution them about privacy issues, Mullen said. The university also will begin employee training to avoid a recurrence, she said.
Mullen stressed that the incident did not involve hacking. "There was not a breach in the university.s computer server system," she said. "It was a human error."
[an error occurred while processing this directive]