Hubbard-Bert is the benefits administrator for students at Lake Erie College of Osteopathic Medicine.
On April 24, they learned that spreadsheets containing personal information of some LECOM students were inadvertently exposed on the Internet due to a misconfiguration of a test server on April 14 (yes, a test server should not have live data for exactly this reason). The number of students affected was not disclosed, but HB noted that this breach did not affect all LECOM students.
The information contained in the spreadsheets included students’ names, Social Security numbers, e-mail addresses, and in some cases, dates of birth.
HB’s investigation revealed that any unauthorized access to the data may have first occurred on April 20. By the evening of April 25, the files were no longer accessible via Internet search engines.
LECOM was notified of the breach on April 25, and beginning on May 13, notification letters were being sent to those affected, offering them a year of services through Experian ProtectMyID.
One of the changes HB made after this incident was to install a new offline web server for future testing purposes.
You can read their notification letter to the New Hampshire Attorney General’s Office and to affected students here (pdf).