Columbia University Medical Center (CUMC) recently began notifying 407 medical students that their names and Social Security numbers had been inadvertently released to Columbia students, faculty and staff by e-mail (h/t DataBreaches.net).
An Excel file that was attached to the e-mail in question contained the medical students' residency match list, but also included a hidden column containing some Social Security numbers.
While the issue was first discovered regarding a March 2013 e-mail containing graduating medical students' information, it was later discovered that residency match lists in 2008 and 2009 also contained the same hidden column.
"The security incident was unintentional, and we have no evidence of wrongdoing or identity theft," the medical center stated in the notification letter [PDF]. "However, we are making this notification so that you can take extra precautions related to identity theft and your personal credit."
All those affected are being offered a free one-year subscription to Experian's ProtectMyID Alert credit monitoring service.