University of Hawaii posts confidential information on 40,000 students

In December 2009, a University of Hawaii faculty member who was conducting a study of students inadvertently uploaded files containing the information to an unprotected server, the university said in an Oct. 28 statement.

The data breach affected students who attended the university’s Manoa campus from 1990 to 1998 and in 2001, as well as students who attended the West Oahu campus in 1994 or who graduated in the years 1988 to 1993.

The university promptly removed the exposed files and disconnected the server from the network when it was notified of the data breach on Oct. 18 by the Washington-based Liberty Coalition.

The University of Hawaii notified the students, the FBI, and the Honolulu police about the data breach. It has set up a call center and website for affected students and is advising them to obtain credit reports and to review financial statements to look for unusual activities.

According to the university, there is “no evidence that anyone’s personal information was accessed for malicious intent.” However, Aaron Titus, information privacy director at the Liberty Coalition, termed this claim misleading. "Theoretically, anybody with an Internet connection could have had access to it….Of course they don't have any evidence of misuse, because the bad guys wouldn't tell them if they had", he told the Associated Press.

This is the third recent data breach in the University of Hawaii system, according to the AP. The other major breaches include an incident this summer involving the release of personal information of 53,000 people – including 40,000 Social Security numbers – who had business with the Manoa parking office. Last year, more than 15,000 students at Kapiolani Community College were warned after an infected computer compromised their information on financial aid applications.

What’s Hot on Infosecurity Magazine?