14 DAY TRIAL // The personal information of as many as 126,000 students and employees from six public colleges in Florida was exposed after a bad software update left sensitive data accessible to anyone online.
The data breach occurred between May 29, 2010, and June 2, 2010, at the College Center for Library Automation (CCLA) and involved personally identifiable information (PII) of students and staff from Broward College, Florida State College at Jacksonville, Northwest Florida State College, Pensacola State College, South Florida Community College, and Tallahassee Community College, being made available to Google's search engine crawlers by accident.
The incident was discovered by a student from one of the affected educational institutions who found his own information on a publicly accessible CCLA server after performing a Google Web search.
The College Center for Library Automation processes library borrower records for various Florida public colleges and the exposed information, which incolved full names and Social Security Numbers (SSNs), was located in temporary work files.
CCLA notes that no financial information or library usage records were leaked during the incident and that the temporarily exposed data was incoporated in long strings of alphanumeric info.
Upon being notified on June 23, 2010, the organization immediately contacted Google and worked with the search engine to remove the sensitive information from its servers by the next day.
In a special page regarding the breach posted on its website, the CCLA claims that all public access to the data was revoked within 18 hours since learning of the problem.
There is evidence of the information being accessed by unauthorized parties during the time it was exposed online, but the center has no indication that it has been copied or misused.
CCLA is in the process of notifying all affected individuals in writing and recommends that they place a free fraud alert on their credit files by contacting one of the three national credit bureaus, Equifax, Experian and TransUnion.
"We pride ourselves on protecting private information and deeply regret this inadvertent exposure. I apologize to those involved for any worry or inconvenience this may cause them," said CCLA's CEO Richard Madaus, according to a press release (PDF).
You can follow the editor on Twitter @lconstantin