According to its student newspaper, PanAmerican Online, The University of Texas-Pan American has e-mailed an alert to students affected by a security breach. The text of the e-mail is reportedly as follows:
On Nov. 2, 2011, The University of Texas-Pan American discovered that on Sept. 1, 2011, a spreadsheet containing information on 19,276 students was made accessible from the Internet in violation of the University’s privacy policy. You are receiving this e-mail because our records indicate that you are among those included in the spreadsheet.
The spreadsheet contained the following information about each student enrolled as of Sept. 1, 2011: student name, address, phone number, email address, major, level, class, college, student ID number, and GPA. It is important to note that none of this information is of the type that is likely to be useful for identity theft or other fraudulent purposes.
The cause was human error and is not the result of a security breach of a UTPA system. Upon discovery, the situation was reported to the Information Security Office, and the file was immediately removed from the server. The University was able to determine that the spreadsheet had been accessed a total of 15 times from the Internet in the two months that it was accessible to the public. The identities of the individuals who accessed the spreadsheet from the Internet are unknown since neither a logon ID nor a password were required to access the file.
In response to this incident, the University is taking steps to ensure that there are no similar misplaced files elsewhere on its servers. We are also continuing to review the University’s information technology security protocol to ensure that an incident such as this one does not occur again.
It is important to note that there is no evidence to suggest that any of the data that was on the server has or will be used in an unauthorized manner as a result of this incident. However, in the interest of transparency, we want to alert you to the incident, describe the type of information that may have been exposed, and answer questions you may have.
We have posted this notice, along with a list of Frequently Asked Questions (FAQs) at https://my.utpa.edu. If you have any questions that are not addressed in the FAQ, you can send an e-mail to [email protected] or call the Information Security Office at 956-665-7124 during regular business hours. ( Monday-Friday, 8 a.m.- 5 p.m.) We will make every effort to respond to all inquiries as quickly as possible.
We value the trust students, faculty, staff, and others place in us to ensure all data is maintained securely. We deeply regret this unfortunate incident and apologize for any inconvenience it may have caused you. Thank you for your understanding and patience as we work diligently to bring closure to this situation.
Sincerely,
The Office of Information Security
The University of Texas-Pan American”
As of the time of this posting, I do not see the notice or the FAQ on the web site, so this entry may get updated when more information becomes available.
Although it does not say so explicitly, it sounds like student ID numbers are not Social Security numbers. If so, that’s a relief.
ID numbers at UTPA are not SSNs, given the scope of the breach, I suspect that this was a result of someone in an administration department rather than a department from a college with in the university.
Thanks for confirming my impression that this did not involve SSN.