Columbia University recently informed 3,000 current and former employees and 500 sole proprietors that their names, addresses, Social Security numbers and bank account numbers had been mistakenly published online.
"According to the letter from Jeffrey F. Scott, Executive Vice President for Student and Administrative Services, the breach occurred when a programmer erroneously saved what was supposed to be an internal test file on a public server in January 2010," DataBreaches.net reports.
"The file remained on the public server for two years until it was discovered because Google indexed it, Columbia explained," Infosecurity reports. "The university said it was informed of the breach on April 16 and immediately secured the file and removed it from Google’s index."
"Even though access logs for the file say that it was not accessed by anyone while it was online, the university -- likely schooled by four similar incidents that happened to it in the last seven years -- has promptly notified the victims about the matter, apologized, and offered a free two-year subscription to a credit monitoring system to each of them," writes Help Net Security's Zeljka Zorz.
"Columbia continues to strengthen its measures to protect sensitive information, including the implementation of additional tools to search for sensitive information inadvertently placed in locations that are not secure," the university said in a statement. "Columbia is also strengthening its policies and procedures on where sensitive information should be stored on its systems."