From the UF web site:
University of Florida officials have notified 239 former students that their names, addresses and Social Security numbers were part of a web-accessible archive of computer science class information created in 2003 by a faculty member.
Discovered last month, the website was removed immediately from the server, which is housed in the department of computer and information science and engineering. The university used Social Security numbers as UF identification numbers until the practice was discontinued in 2003.
It is not known whether the information was accessed or used.
The website will not be re-enabled in the same form. The College of Engineering allows faculty to post grades and other class information online only through Sakai, the university’s secure e-learning course management system.
Letters were mailed today to most of the individuals with personal information listed in the database, but contact information was not available for 54 additional students. Anyone who thinks he or she may be one of the people affected and were not notified by mail should read the information provided on UF’s privacy website at http://privacy.ufl.edu. Concerned individuals may also call UF’s Privacy Office Hotline toll-free at 1-866-876-HIPA.
Ok, the archive was created in 2003, but has it been accessible on the web since then? I hope not… I’ve sent them an inquiry about that.
Update: UF confirmed to DataBreaches.net that the archive was exposed on the web as early as 2003 although there may have been “periods of downtime along the way.”