BYU authorities have reported a potential leak of 800 Social Security numbers and other personal information files of former and current BYU students.
A BYU-maintained database was accessed without authority sometime around June 10. A further investigation led the Registrar’s Office to discover a separate database on the same server potentially exposed — a database on the same server with personal information of current and former students.
According to Joe Hadfield with University Communications, there is no evidence that the second database with personal information was accessed; however, the opportunity was available. Individuals whose information was stored on that database were alerted more than a month later. This confidential information includes social security numbers, birth dates and addresses.
The personal information was exposed for 24 hours before remedial measures began. An internal investigation occurred as soon as the window was discovered, Hadfield said in an email. Personnel from the Registrar’s Office, OIT and Student Academic and Advisement Services worked together on the recovery and investigation.
“(The window was open) only briefly,” Hadfield said. “Action was taken within 24 hours after the unauthorized access was detected.”
A similar but more severe situation occurred on the campus of University of Tampa in March. A class using an advanced search on Google stumbled upon their own personal information exposed. A total of three security breaches at the university have occurred in the last three years, leaving nearly 30,000 individual records exposed for months at a time.
The possibility of identity theft makes the open window a more serious issue. However, the Registrar’s Office is taking lengthy measures to ensure a window like this never opens in the future.