14 DAY TRIAL // The names and Social Security numbers of 43,000 former and current Yale University students, faculty, staff and alumni were exposed after a file hosted on a FTP server was indexed by Google.
"We immediately blocked that server from the Internet, removed the file and did a complete scan of the server to make sure there were no additional at-risk files," the university's Information Technology Services Director Len Peters said.
According to him, the breach was caused by the fact that Google started indexing the contents of FTP servers in September 2010, yet the university was not aware of this.
It wasn't actual data that got indexed, but the name and location of the file that Peters claims was well hidden and inconspicuous.
The information was available in Google for over ten months before being scrubbed by the search engine giant at the university's request.
The company did not share data regarding how many times the file was accessed through its website, but so far Yale officials have no reason to believe that the data has been abused.
According to Yale Daily News, the data breach was discovered on June 30, but the university started notifying affected individuals two weeks ago.
Only students, faculty, staff and alumni affiliated with the university in 1999 were impacted and Yale is offering them two years of free credit monitoring and identity theft insurance.
The offer is very generous compared to what other organizations have offered in similar circumstances, but some could argue that the university waited too long until starting to notify people.
Legislators are currently working on new federal laws that would require companies to ensure a minimum level of security for consumer data and announce any breaches in a timely fashion.