The Clarion-Ledger reports that an employee of the University of Mississippi Medical Center mistakenly attached a spreadsheet containing 2,279 students' personal information to a mass e-mail sent on August 21, 2013 informing students of changes being made to the school's health insurance (h/t DataBreaches.net).
Data contained in the spreadsheet included the students' names, Social Security numbers, GPAs, race, gender, birthdates, mailing addresses and phone numbers.
In the hour after the mass e-mail was sent, the university sent four recall e-mails, then began to remove the remaining e-mails manually from the students' webmail accounts.
"We sincerely apologize for this mistake," UMC spokesman Jack Mazurak said. "We always strive to do our best and, in the event of mistakes like this, to act quickly and follow up with the people who may be affected."
In a later article, the Clarion-Ledger reported that Dr. James Keeton, vice chancellor for health affairs, said the university is evaluating different companies to provide free identity theft protection for all those affected.
Keeton said the person who attached the spreadsheet to the mass e-mail was a longtime employee who did so by mistake. "She could not feel worse," he said. "She is at work today, and she's devastated by this."