For the second time in less than a year, University of Hawaii officials are dealing with another massive data breach that exposed students' and alumni's most sensitive personal information for almost a year.
This time around, university officials said a faculty member in December accidentally uploaded the names, Social Security numbers, addresses, birth dates and educational data of more than 40,000 alumni to an unencrypted Web server from the university's West Oahu (UHWO) campus.
The data, which was to be used for a university-sponsored survey, was available online until the security gaffe was brought to university officials' attention on Oct. 18 by the Liberty Coalition, a nonprofit, consumer privacy and data protection organization based in Washington.
In a security advisory, University of Hawaii officials said both the FBI and the Honolulu Police Department were notified immediately after the breach was confirmed and officials disconnected the unsecured server to prevent further exposure.
"At this time, UHWO has no evidence that anyones personal information was accessed for malicious intent," university officials said in a statement. "UHWO is also working with the UH System to adopt more proactive security measures to ensure better privacy protection."
The affected alumni who are being notified this week include those who attended UH's Manoa campus from 1990 through 1998 and during 2001 and students who attended the UH West Oahu campus during the fall of 1994 or graduated between 1988 and 1993.
In July, the University of Hawaii confirmed that hackers managed to infiltrate a parking office server at the Manoa campus, exposing the names, Social Security numbers, addresses and driver's licenses of some 53,000 students, employees and faculty members.
Last November, officials at Chaminade University, also in Hawaii, copped to a security breach in which a university employee accidentally posted the names and SSNs of some 4,500 students to the school's website for several months.
Security software vendor McAfee (NYSE: MFE) last month warned that universities and colleges are the institutions most likely to expose consumers' Social Security numbers and other personal information.
Keep up to date with the latest university data breaches; follow eSecurityPlanet on Twitter @eSecurityP.