There’s been another breach in the education sector, this one involving Franklin & Marshall College in Lancaster, PA.
On March 19, F&M was notified that two Excel sheets with 356 students’ full names and Social Security numbers was exposed on the public portion of their eDisk network. The files were promptly removed. An investigation revealed that an employee had accidentally uploaded them to the public section on March 27, 2013 and June 13, 2013. The college does not indict who notified them of the exposure. Nor do they explain how they never discovered this themselves after two years.
Although the college reports that they have no indication that the information has been misused, they did not disclose whether any investigation had indicated whether those files were accessed in the almost-two years that they were exposed, and if so, how many times.
Affected students will be notified by postal letter on or about April 15, and will be offered credit and identity monitoring services from Kroll.
You can read the notification to the New Hampshire Attorney General’s Office and a template of the notification to affected students here (pdf).