Personal data of NMSU students posted online

April 19, 2007

Associated Press

The names and Social Security numbers of more than 5,600 New Mexico State University students were accidentally posted on the school's Web site, but officials say odds are minimal that any students' identities were compromised.

The information was in a public section of the site for nearly two hours on April 5 before the mistake was caught.

The file was accessed by 14 computers and all of their IP addresses have been tracked, said Mrinal Virnave, NMSU's director of enterprise application services.

Virnave said the file contained the names and Social Security numbers of students who registered online to attend their commencement ceremonies from 2003 to 2005, meaning most of the names and numbers are of former students.

Virnave said the mistake happened when an automated program moved what was supposed to be a private file into a public section of the Web site. He said steps have been taken to prevent a similar incident.

NMSU Chief Information Officer Michael Hites said the students for whom the university has an e-mail address on file were notified of the breach within a week. The rest will be notified with a letter.

Kasey Stockton, a graduate student, said she registered for commencement online in when she received her undergraduate degree in 2004. She hadn't been notified of the security breach and was concerned.

"Identity theft is such a big deal now," Stockton said, adding that she checks her credit report often and isn't aware of any tampering with her identity as a result of the breach.

The Federal Trade Commission estimates the identities of 9 million Americans are stolen each year, with thieves using the information to obtain credit cards, secure loans and open bank accounts.

Hites said the file that was mistakenly placed online has been deleted and steps have been taken to make sure search engines like Google don't have the file in their caches.

main page ATTRITION feedback