UH security breach, private student information exposed

Aaron Titus
Aaron Titus
Ryan Mielke
Ryan Mielke

By Mari-Ela David - bio | email

PEARL CITY (HawaiiNewsNow) - The University of Hawaii (UH) on Thursday evening issued a security alert.

Years after graduation, it's an unsettling surprise for tens of thousands of former students. Their private information has been exposed in the most public of places - the Internet.

UH believes it's unlikely anyone's identity has been stolen, but can't say for sure.

The security mishap happened at the West Oahu campus, but it also affected students who attended UH Manoa.

"Unfortunately, breaches like this happen on a weekly basis somewhere in the U.S. what makes this different is that this is the third largest that I've personally documented," said Aaron Titus, Privacy Director at Liberty Coalition, a privacy watchdog group in Washington D.C.

Via Skype, Titus told Hawaii News Now how he discovered the security breach at UH through Google.

"It was just a very simple search, searching for terms like 'SSN' and it came up," said Titus.

'SSN' as in Social Security Number, as well as names, and birth dates of more than 40,000 former UH students.

And that's not all Titus found.

"Things like gender, home language, marital status, number of dependents, dependent children, the highest level of education for your father and mother," said Titus.

Here's who could be at risk: UH Manoa students from 1990 to 1998, and 2001, plus those who attended West Oahu in the Fall of 1994, or graduated from 1988 to 1993.

A server at West Oahu, now disconnected, is where a faculty member mistakenly uploaded the files. UH Spokesperson, Ryan Mielke, says he was working on a study about the success rate of students.

"He completely thought that the server itself was secure and encrypted. It was not, unfortunately," said Mielke.

"We found that the University faculty member who was responsible for this breach, had actually taken this and a lot of other personal information and transferred it to his home computer, against University policy," said Titus.

Mielke says they're still investigating what happened, but they do know the information was exposed for nearly a year, from last November, until last week, October 18th, when Liberty Coalition made the discovery.

UH didn't make an announcement until Thursday, because the University had to wait until Google cleared its caches.

"Even after information is deleted offline, it still remains in Google's caches and it could theoretically be accessed by a third party so that's why we had to wait," said Titus.

The FBI and Honolulu Police Department have been notified.

So far, no foul play has been reported, and UH says identity theft is unlikely.

"We have no evidence of any hacking or any substantial use or viewing of those files," said Mielke.

UH has already sent out an email blast to those affected, and will mail letters to students starting Friday.

UH urges those affected to check their credit report, bank and credit card statements. Anyone who sees unusual or suspicious activity is advised to contact their financial institution immediately.

Those who have questions can call the University at (808) 956-6000, Monday through Friday between 8:00 a.m. to 4:30 p.m.

Copyright 2010 Hawaii News Now. All rights reserved.