Missouri State University officials are notifying 6,030 College of Education students that their Social Security numbers may have been compromised as the result of an accidental, internal security breach. The breach could cost the school more than $40,000 in damage control.
In October and November, the MSU College of Education prepared lists of students by semester in preparation for accreditation. The lists, comprising nine semesters between 2005-09, included Social Security numbers, according to an MSU news release.
A total of nine lists were prepared in electronic format to be available on secure servers for College of Education personnel working on the accreditation, as well as the accreditation team. The lists, however, were instead posted to an unsecured server, leading to all of the lists, with student names and Social Security numbers, ending up on Google, the release said.
MSU learned of the breach Feb. 22 after an individual notified the university.
The university has since taken action to address the issue, including:
- working with Google to ensure the lists were pulled, the last of which was removed this past weekend;
- offering to pay consumer identity theft protection for all involved, which, at a negotiated rate of $7 per person, could cost the school about $42,210;
- notifying the Missouri attorney general, an obligation under Missouri statutes for a breach of this size;
- initiating disciplinary action against the employee, unnamed in the release, who posted the information on the unsecured server; and
- properly securing the College of Education's accreditations and working with all other college deans to ensure a breach doesn't happen again.
“It is very unfortunate that this breach occurred,” Jeff Morrissey, MSU chief information officer, said in the release. “We are taking this breach very seriously, and we hope these steps will prevent inappropriate use of the personal information that was compromised.”[[In-content Ad]]