Personal information of 259 UH students exposed online

July 24, 2008

By Jeannie Kever, The Houston Chronicle

The names and Social Security numbers of 259 University of Houston students were inadvertently posted on the Internet for more than two years, removed only after a Washington, D.C.-based advocacy group discovered the breach.

The university removed the information from its servers as soon as it was notified in May, school officials said in a statement released Thursday.

It took almost two months longer to ensure it had been removed from other Internet search engines.

The statement said university officials are in the process of notifying all students involved.

The posting occurred when a math department lecturer posted student grades on a UH Web server in October 2005.

Both UH and the Liberity Coalition, an advocacy group which reported the incident, said there is no indication that the information was accessed by outsiders.

Fraud is rare as a result of similar breaches, according to Aaron Titis, information privacy director for the Liberity Coalition.

"But if you are a victim, that's hardly any consolation," he said. "Once you put information online, you throw it to the Internet winds, and you never quite get it back."

Even removing it from the caches of major search engines can't guarantee the information isn't stored on someone's hard drive, he said.

The Liberity Coalition routinely conducts Internet sweeps, looking for security breaches, Titus said. It recently reported similar slips involving the University of Texas at Austin, Virginia Tech University and Central Florida University, among other schools.

Titis said the coalition notified UH of the posting on May 26; it issued the alert earlier this week, after it ascertained it had been removed.

Titis suggested anyone concerned about the issue go to and conduct a search on his or her name to determine if any personal information has been exposed.

main page ATTRITION feedback