WPRI in Rhode Island reports that University of Rhode Island is notifying current and former faculty members as well as some students that their data were on a publicly shared College of Business Administration server that was accessed and viewed by unauthorized individuals.
A statement posted on URI’s web site indicates that 1,000 faculty members were being notified of the breach.
The university was made aware of the breach on July 31 and that files on the server had been accessed outside of the University. The faculty information that was exposed included name, date of birth, hire year, rank, Social Security number and some compensation information.
In addition to the faculty members, 22 former URI students and 80 students from another unnamed university are also being notified that their information was contained on the server. For former URI students, the exposed information included names and Social Security numbers. The information on the students from the out-of state university had been uploaded to the server by a URI faculty member who was a former faculty member of that institution. The out-of-state student file contained names, Social Security numbers and grades and was uploaded in March 2007. The file remained there until the situation was discovered and the server was shut down on July 31, 2012.
According to the university, the server had been used by faculty to upload and share course information and was never intended to be used for identity information. The university is offering those affected credit monitoring and identity theft protection.