According to university spokesman Dennis O'Shea, the university discovered on March 19, 2014 that the names and Social Security numbers of 2,166 people who had studied at the university's Homewood campus between 2007 and 2009 had been stored on a publicly accessible server.
"Somebody had stashed them on a machine, not realizing that when they did that, the files would be accessible on the Internet," O'Shea said.
While it's not clear whether or not the records were accessed by anyone with malicious intent, O'Shea said logs show that the records were accessed a few dozen times.
The files have since been taken offline, and all those affected are being offered one free year of access to a credit monitoring and identity protection service.
Photo courtesy of Shutterstock.