UT tells employees of potential data breach

April 13, 2008


Personal information of nearly 6,500 University of Toledo employees - the majority having worked on the Health Science Campus in 1993 and 1999 - last month was inadvertently placed on a server to which all employees had access.

The information, which was used for payroll purposes, included basically what is on a W-2 - name, address, and Social Security number - and was accessible for about 24 hours.

An employee in the payroll department authorized to work with the data accidentally moved it to the wrong folder on the morning of March 4. It was discovered in the wrong place by an information technology employee on March 5, said Bob Hogle, interim information technology chief operating officer.

A total of 44 files was inadvertently moved to the folder and five files contained personal information, he said, adding that the temporary folder where they were misplaced is a rarely used part of the network storage area.

While the university believes the chances are slim that the information was accessed by anybody, a letter was sent Tuesday to the 6,488 people whose information was in the files.

It took some time to identify every person and find current addresses for them, since most are past employees.

It is common for large data files, such as these spreadsheets, to be stored on the internal server, but they are typically kept in folders where only employees of that department have access, Mr. Hogle said.

The temporary folder where the information was accidentally placed has been removed, he said.

main page ATTRITION feedback