Montana State University has sent letters of apology to more than 250 students whose names and Social Security numbers were mistakenly shared with other students.
Eight students each mistakenly received a list of 30 or so students' names and Social Security numbers, school officials said.
School administrators said they do not believe the information was misused, but alerted the 259 students after being unable to immediately reach all of the eight who received the information.
"We take it very seriously," Laura Humberger, MSU assistant vice president for financial services, said of the error. "We've changed our procedures that contributed to the problem."
She said MSU is still trying to track down all the students who received the information, which has been difficult given the Christmas break. But she said those contacted so far have cooperated.
The parent of a student first alerted MSU officials a couple of weeks ago that their child had received a list of other students' names and Social Security numbers.
Humberger said the mistake occurred when a student working in the MSU loan office mailed out packets to eight students who had paid off their student loans. Each packet contained the contents of each student's file, with the original promissory note marked as paid. But each packet also contained an alphabetical list of 30 or so other students with loans. The name of the packet recipient was highlighted.
Generating lists of names apparently started recently when MSU adopted a new procedure to keep track of student loans that students "sign" electronically over the Internet, rather than with ink on paper.
From now on, Humberger said, the files of students who take out loans will not contain the names and Social Security numbers of other students.
Sylvia Sparkman, whose daughter Jessi is among the 259 students whose information was accidentally released, said she was stunned when the school alerted her to the error.
"A Social Security number is supposed to be pretty much a sacred number, safeguarded pretty closely," Sparkman said. "There is a potential of long-term consequences to my daughter should it get in the wrong hands."
The sharing of private student information is not an isolated incident.
The University of California, Los Angeles discovered that a central database containing 800,000 records of current and former students, applicants, faculty and staff were exposed when a hacker or hackers broke into the system in October 2005.
Ohio University announced that 173,000 Social Security numbers may have been stolen.