PEARL CITY (HawaiiNewsNow) - The University of Hawaii (UH) is in damage control mode. Easy-to-get software could've prevented the major security breach Hawaii News Now reported last week. It's the third breach in two years.
UH on Wednesday night said it's come up with a plan to prevent a repeat. This, after tens of thousands of private files ended up online, and that's just in this latest security breach alone.
40,101 UH alumni's privacy may have been compromised, after a professor at the West-Oahu campus accidentally posted their records online.
On Wednesday morning, the Liberty Coalition held a conference call to reach out to victims.
"How in the heck are we supposed to protect ourselves and if a thief is prosecuted, why in the heck isn't somebody who gives out our ID?" asked one caller, Paul Filpot, a UH alumnus.
Liberty Coalition is the privacy watchdog group from Washington, D.C. that caught the security breach.
All it took was a simple Google search for words like "SSN", as in social security number.
The Liberty Coalition says UH could've prevented the security breach using simple scanning software like Identity Finder. And it's affordable. Prices for a professional version start at $60 a year.
"I can't speculate as to why it was not looked at earlier. However, that is something we are looking at right now," said Ryan Mielke, a spokesperson for UH West-Oahu.
"I'm furious that this happened. This is the second time that this happened to me because I was also involved in the data breach from the parking office," said David Lee Rogers, a UH alumnus who participated in the conference call.
In July, a hacker infected the UH Manoa parking office computer with a virus.
The online breach may have exposed 41,000 social security and 200 credit card numbers of staff and students.
In this recent breach, the professor mistakenly uploaded student's sensitive information to an unsecured server, and even to his personal computer, against University policy.
"He did do that, however he has deleted all of those files. He's confirmed that none of them are with his home computer," said Mielke.
"Although severe, we believe that the breach was not malicious. In fact, I spoke with the retired faculty member on a few occasions. He is devastated. Although he bears some of the blame for this breach, the University of Hawaii has had a consistent pattern of breaches which has gone uncured for more than a year," said Aaron Titus, Privacy Director for Liberty Coalition.
The professor, who retired in the summer, was using the data to conduct research on the success rates of students.
"I do research and I'm shocked that an informed consent was not required for participation in this investigation by this UH professor," said Mary Kim, a UH alumnus who phoned in to Liberty Coalition's conference call.
The private information was exposed for nearly a year, from last November, until this past October, when Liberty Coalition made the discovery.
Here's who could be at risk: UH Manoa students from 1990 to 1998, and 2001, plus those who attended West Oahu in the Fall of 1994, or graduated from 1988 to 1993.
"It just frustrates me that this didn't happen 15 years ago, the information might be 15 years old, but it happened last year when people already knew that social security numbers were important tools for identity thieves," said Rogers.
"Statistically speaking, the risk of identity theft in cases like this is pretty low. But that's like saying 'Most of the antelope in the herd never get eaten,' said Titus.
Those who have questions can call the University at (808) 956-6000, Monday through Friday between 8:00 a.m. to 4:30 p.m.
UH also has a web page up with answers to frequently asked questions. A link is posted on this page.
Liberty Coalition says UH alumni can also check if they're among those affected by going to National ID Watch's web site and search for their name. A link to the web site is also posted on this page.