A file transfer program erroneously installed on a server in an Army Reserve Officers’ Training Corps (ROTC) office at Boston University inadvertently exposed personal information about thousands of people affiliated with the program. University officials say the compromised computer was taken off-line when the breach was identified on July 28; they are working with the U.S. Army Cadet Command to contact every person whose information was placed at risk.
The incident involved information on 6,675 people, say University administrators, 406 of whom are affiliated with BU. Officials believe the rest come from ROTC branches around the country.
[…]
An investigation has revealed that the information, which includes Social Security numbers and some birth dates, had been exposed since last September, when an ROTC member installed a file transfer program on an ROTC server. That installation, conducted without consultation with the University, placed information in the public domain.
Read more on BU Today. The breach was not uncovered by the university but by someone searching the web for something else.
Update 8-28-09: BU’s notification to the NH Attorney General’s Office with a sample letter to those affected is now available online (pdf).