Stumbled across this University of Florida breach today while searching for something else:
Payroll Breach Information
Published: March 11th, 2013On February 17, 2013, the University’s Privacy Office was notified that a list of social security numbers (SSN) was mistakenly released. Specifically, a payroll processing report that included SSNs was shared by means of a public UF LISTSERV that unknowingly enabled Google to index and cache the file for 15 days. Unfortunately, the report contained this personally identifiable information (PII) for 1,294 University of Florida employees; your name and SSN were included in the report.
After the Privacy Office became aware of the situation, the PII was immediately secured by removal from Google’s cache and the UF LISTSERV archive. Furthermore, we have deleted email containing the report from the accounts of individuals on the UF central email server who subscribed to this particular LISTSERV.
Documents
- Copy of letter by UF officials (PDF, 122 KB)
- Answers to Commonly Asked Questions (Updated 3/5/2012)
- Identity Theft Brochure (PDF, 1.08 MB)
- Police Report (PDF, 106 KB)
I also found two other breaches in 2013 that got posted to PHIprivacy.net today.
By the University of Florida’s own count, they’ve had 14 breaches since 2010, five of them in 2013. Of the five most recent, three involved insider breaches for malicious purposes.