Tenessee's Volunteer State Community College recently began notifying approximately 14,000 students and faculty that some of their personal data, including names and Social Security numbers, had mistakenly been made available online.
The data was on a Web server used by faculty to post course information, and the college says no credit card or financial information was exposed. As soon as the breach was discovered, the files were immediately removed from the server.
"We are notifying the affected students and faculty members as a precaution," Bruce Scism, the college's interim president, said in a statement. "We have contacted the major credit reporting agencies and informed them that some of our students' and faculty member’s personal information may have been accessible. We want to err on the side of caution."
"We regret what has happened and apologize for the inconvenience this may cause," Scism said. "Vol State takes the protection of personal information very seriously. The college had policies and employee training sessions regarding the protection of such information. Vol State is reviewing and changing those processes in order to keep personally identifiable information in a secure environment. The college has already implemented several measures that should keep a problem like this from recurring."
"College officials say those on the list should place a 'fraud alert' on their credit files with the major credit bureaus," writes The Tennessean's Andy Humbles. "All affected students will receive one year of credit protection from Volunteer State Community College upon request."