If you attended the University of Hawaii at Manoa or UH West Oahu your personal information may have been posted online, accessible to just about anyone.
The security breach involves 41,101 students who attended the UH Manoa campus from 1990 to 1998 and in 2001. Students who attended UH West Oahu in the fall of 1994 and from 1988 through 1993 are also affected.
"We are currently sending out more than 40,000 letters to all of those students using their permanent address that they provided in our UH records as well as emailing all of the students that we have with their current email address,” said UH West Oahu Spokesman Ryan Mielke.
The personal information included social security numbers, dates of births, names and student grades. The information was available via the internet from November 30 of 2009 until October 18 of 2010.
Mielke said the upload happened after a UH West Oahu professor inadvertently placed the personal information onto a non-encrypted web server while conducting a study of student success rates. The professor never completed the study and retired in June.
"The faculty member truly believed it was an encrypted server and it was not, it was an error,” Mielke told Khon2.
Although the website that contained the information was only used by faculty at the University of Hawaii, it could have been easily obtained by anyone who knew where to look.
“Google as it searches the web occasionally comes across those bits of information and logs them,” explained Mielke, “(and) it did so in this instance.”
The University of Hawaii was told about the security breach on October 18 by the Liberty Coalition, a non-profit group dedicated to preserving individual privacy. The web server was immediately taken off-line once UH became aware of the situation.
“We have not found any malicious activity whatsoever with those files that were uploaded onto that server or within the individual records,” said Mielke.
“It was not an easily recognizable or discoverable directory so you would have to know what you're looking for to really dive down deep in there to try to find those files.”
Aaron Titus of the Liberty Coalition found the sensitive information through a simple Google search.
Although the security breach appears to be accidental, Titus said in a press release that certain aspects of the incident may violate the Family Educational Rights and Privacy Act (FERPA) as well as the University of Hawaii’s policy on privacy.
The security breech at UH West Oahu comes on the heels of a May 2010 breach involving 53,000 faculty and students who conducted business with the UH Manoa Parking Office as well as a 2009 breach involving more than 15,400 parents and students.
Mielke said the University of Hawaii System is in the process of strengthening its online security measures.
“We're currently coordinating with information security officials at the System to ensure that this doesn't happen again (and) putting in place new software that scans all of our systems for social security numbers, identifying weaknesses and removing them.”
Anyone who believes they may have been impacted by the latest cyber breach at UH is advised to check their credit reports and banking statements for any discrepancies. The university has also set-up a help line at 956-6000, Monday through Friday from 8 a.m. to 4:30 p.m.
Information can also be found online at: www.uhwo.hawaii.edu/idalert
Have a news tip? Contact Andrew Pereira at 368-7273. Follow Andrew on Twitter at Khon_Reporter
