Security Incident – Multicultural Affairs Student Job Application
February 21, 2011Information regarding the security incident
February 21, 2011, Truman State University was notified that some personal student information had been found on Google. Google had acquired this information during their normal search engine internet scan. The data was accessible by Google because a departmental job application did not store the data collected in a secure manner. The personal information exposed consisted of information provided by a small number of students applying for positions with the Multicultural Affairs Office and included name, email address, social security number or Banner ID, GPA, mailing address, and some specific information about the student’s interests and availability to work.
Upon being notified, Truman’s Information Technology Services Office immediately took the necessary steps to remove the information from the web server hosting the pages as well as several search engines including Google, Yahoo! and Bing. We have no evidence that any personal information has been accessed or used for illegal or malicious activities. However, the potential risks associated with identity theft are very serious matters. Truman is taking precautionary steps by informing and advising all affected students about safeguard measures aimed at protecting privacy. Notification was sent to all individuals whose information might be found on any of the search engines.
What happened?
A departmental job application hosted on the Truman website that collected personal student information stored the information in an unsecured manner. Google and other search engines then acquired, or cached, the information. When the cached pages were discovered and reported to Truman’s Information Technology Office, technical staff were called in to investigate and take steps to remove the exposed information.
Who is affected?
Students who used the Multicultural Affairs job application in 2006 and part of 2007 are the only individuals whose personal information was exposed. Less than 80 students are affected by this incident.
When was my personal information exposed?
The personal information you provided using the online job application system appeared to be accessible between from sometime in 2006 through February 2011.
What specific items of my personal information were involved?
Only the personal information you provided when using the online application. The specific items were your name, email address, social security number or Banner ID, GPA, mailing address, and some specific information regarding your interests and availability to work.
What is being done now?
The files containing the personal information have all been removed from the system. Additionally, Google, Yahoo! and Bing have removed these pages from their cached files as well. Additional information will be released at https://idinfo.truman.edu.
If my information was among the files exposed or stolen, does this mean that I’m a victim of identity theft?
No. The fact that someone may have had access to your information doesn’t mean you are a victim of identity theft or that they intend to use the information to commit fraud. We wanted to let you know about the incident so that you can take appropriate steps to protect yourself. The best way to protect yourself is to place a free fraud alert on your credit files and review your credit reports.
Has my information been used to steal my identity?
At this time, we have no indication that the information contained on the computer has been used for illegal or malicious purposes. However, the potential risks associated with identity theft are very serious matters, and that is why we have contacted affected individuals.
What is Truman doing to prevent this from occurring again?
Information Technology Services is reviewing web development processes and is also reviewing existing website information, including searches for unsecured personal information. In addition, nearly all student job openings are now handled through TruPositions, and the problem application is no longer in use.
What should I do?
You should carefully review any bills that you receive in the near future, especially credit card transactions, to ensure that the charges associated with your accounts are accurate. For additional information about identity theft, visithttp://www.consumer.gov/idtheft or call toll free 877-ID-THEFT (877 438 4338); TTY: 866 653 4261. We also encourage you to read through the Frequently Asked Questions on this website.