US Stanford University alerts employees of possible leakage of their private information
US Stanford University Friday warned 10,000 employees and students about possible exposure of their sensitive personal information that may have been accessed illegally from its file-sharing servers on several campuses.
The university said in a statement that it has sent alert mails to the employees, including former employees, and students about the possible breach of data, such as their Social Security numbers, birth dates, salaries and confidential financial aid information for MBA students.
"We extend the deepest apology to the employees and former Stanford students who expected that their personal information would be treated with the greatest care by campus offices," said Randy Livingston, vice president for business affairs, in the statement.
"This is absolutely unacceptable. Our community expects that we will keep their personal information confidential and secure, and we have failed to do so," he said.
The massive exposure of the private information did not result from a hack but an employee slipup, which was patched up by a tech team without notifying the dean of the Graduate School of Business (GSB) or relevant university offices.
Stanford said there is no direct evidence that personally identifiable information was accessed from the GSB file, but all impacted employees and students who may have had personally identifiable information exposed will receive notification letters as a precaution.
"The proliferation of file-sharing platforms requires that everyone be vigilant in assuring that confidential information remains secure, old files are deleted and permissions are regularly reviewed," Stanford said.
The incident involving employee information from 2008 was the third data breach acknowledged by the campus in the last two weeks.
The data exposure was discovered by a GSB student who found a computer glitch that allowed public access to thousands of confidential student financial aid records.
"There is no excuse for this compromise of privacy and security, and I intend to do everything possible to ensure that it does not happen in the future," GSB Dean Jonathan Levin wrote to the Stanford community on Nov. 17.
Stanford said its Information Security Office is "working closely with IT leadership throughout campus to develop a comprehensive plan for addressing this problem broadly and sustainably across all file-sharing platforms in use at the university."
The Information Security Office has contacted file-sharing owners throughout the university to urgently review all file-sharing permissions to prevent similar data exposure in the future, Stanford said.
