Personal information inadvertently exposed to Internet

By Pamela DiSalvo Lepley
Division of University Relations

Richmond, Va. (Aug. 31, 2006) -- Virginia Commonwealth University is contacting about 2,100 current and former students whose personal information was viewable on the Internet for eight months.

The names, social security numbers and e-mail addresses of freshman and graduate engineering students from fall semesters 1998 through 2005 were unintentionally placed in a folder open to the Internet. 

There is no indication that this information has been viewed or used for any purposes.

The exposure of the personal information to the Web is the result of human error. In January 2006, data files on a School of Engineering server were inadvertently transferred from a secure to an insecure folder during a system restoration.

The problem was revealed Tuesday by a student who Googled herself and discovered the posting of the personal information.  As soon as the security breach was detected, the files and information were removed from the insecure folder and steps taken to eliminate the record of those files which are stored on search engines such as Google and Yahoo.  VCU also is working to ensure that no other personal information is exposed and to increase restrictions on access to University computers from the Internet.

The affected students are being contacted individually about this exposure.  More information about this incident is available at http://www.ts.vcu.edu/security/id_exposure.html.