Indiana University reports possible data breach

Published: .
Updated: .

Indiana University notified the Indiana Attorney General's office Tuesday about a data breach that potentially put thousands of students and recent graduates at risk.

An employee discovered the problem, involving people's personal information and now the university is taking steps to make sure people stay protected.

In Bloomington and at six other IU campuses across the state, students and recent grads could be at risk.

A data breach left their personal information exposed. Now, students are concerned.

"That's information that when you give it to the university, you expect that to be kept private," said IU junior Steven Cavanaugh.

"Gosh, your Social Security card number is like the one thing you're told to keep on lockdown," added IU senior Natalie Duffy. "You don't want anyone to have that number."

The exposed information includes names, addresses and Social Security numbers for about 146,000 people who attended or graduated IU between 2011 and 2014.

That many people could fill Assembly Hall eight times over.

"There are a lot of people and the records do contain sensitive information. That's why we're trying to be proactive," said Indiana University spokesman Mark Land.

IU notified the Attorney General's office, which is now investigating the breach.

"If you're one of the ones affected, it's obviously a very big issue," said Chuck Taylor, with the AG's identity theft division. "Since it involves Social Security numbers, it is something we'd take more seriously as well."

The university says this was essentially human error.

A change made in security 11 months ago left names and Social Security numbers at risk at the registrar's office.

Then, that personal information was accessed by computer data mining applications, called web crawlers, which are used to improve web search capabilities.

But IU doesn't believe that data was viewed or used for illegal purposes.

"We don't have any evidence that anyone has actually accessed these files. They were left unprotected, which we discovered last week," Land said. "But we did feel that we had an obligation to notify people that there was at least a small risk that this information was out there."

IU is offering a hotline beginning Friday, along with a website to answer questions and help people protect themselves. The call center has a toll-free number: 866-254-1484.

Students say plan to use it, no matter how small the risk they face from the breach.

"We'll take any measures that the university provides to make sure that our information's secure," Cavanaugh said.

IU plans to send out notifications to people affected later this week. The university will also provide the Social Security numbers and names of those potentially affected to the three major credit-reporting agencies.

A website with information on how to monitor one's credit accounts and with answers to other questions regarding the potential data exposure has been established here.

Even though there are no reports of fraud from the breach, the Attorney General's office recommends if you're concerned, you can put a security freeze on your credit or request fraud alerts to stay safe.