The names, social security numbers and addresses of 146,000 Indiana University students and recent graduates have been compromised in a data breach.
People across all seven campuses who attended IU from 2011-2014 are potentially at risk.
University officials say the problem wasn’t a technical one, but rather human error. The Student Services database was supposed to be in an encrypted location, but instead it was being stored in an insecure location.
An employee discovered the issue last week, and IU spokesman Mark Land says the university quickly secured the data the following day.
Land says no humans have seen the data; it was not downloaded by anyone looking for sensitive information. However, the data did get picked up by a web crawler that mines information to improve web search capabilities.
In a statement, James Kennedy, associate vice president for financial aid and university student services and system, said the incident was not a targeted attack to obtain data for illegal purposes.
“And we believe the chance of sensitive data falling into the wrong hands as a result of this situation is remote,” said Kennedy. “At the same time, we have moved quickly to secure the data and are conducting a thorough investigation into our information handling process to ensure that this doesn’t happen again.”
The University reported the incident today to the Attorney General’s office.
Land says the university is also in the process of notifying all affected students.