Seattle University was contacted by a student who discovered that permissions for some folders in the university’s Microsoft Exchange folder system had been set incorrectly, allowing anyone with a university email address to gain access to the files in those folders. The university reports that 628 current and former students had personal information in those folders, including, in at least one case, Social Security number. A forensic investigation uncovered no evidence that the information had been accessed by anyone other than the student who discovered the problem, and there was no evidence of misuse of the students’ information. Students were offered free credit monitoring services.
You can read more about it in SU’s notification to the New Hampshire Attorney General’s Office.