11,000 UF students' info put on Web

By Jennifer Lebovich

Jun. 11, 2008 (McClatchy-Tribune Regional News delivered by Newstex) -- The personal information of more than 11,000 current and former University of Florida students was compromised after being posted on a school website, officials said Tuesday.

The information, which included Social Security numbers, was put on a school tutoring site without a password.

In the wrong hands, Social Security numbers can be used to open credit card accounts, get government benefits or apply for a job.

Letters were sent out Tuesday to students notifying them of the privacy breach, which was discovered last month during a routine school audit.

School officials emphasized that the site would not have been easy to find and they do not believe it was accessed by anyone outside the school.

The site contained information from students at the school from 2003 to 2005 who expressed an interest in tutoring through the Office for Academic Support and Institutional Services, said Steve Orlando, a UF spokesman.

"The risk of someone outside actually finding this information and using it inappropriately is very low," Orlando said.

"We've done computer forensics, and we don't have any evidence that anybody accessed this information," he added.

"But because we can't say that with absolute certainty, we're going through with the notification out of an abundance of caution," Orlando said.

The site has since been taken down and the information has been removed from the UF system.

Two former students who worked in the office were trying to create a database for tutoring and included for about 11,300 students.

Only students from the College of Liberal Arts and Sciences would have had information on the site, Orlando said.

Orlando said it was unclear why the Social Security numbers were used for the database.

In 2002, the school switched from Social Security numbers to an eight-digit ID to track students to prevent such a problem.

"This would certainly appear to be the largest privacy breach we've had," Orlando said.

The news unnerved 24-year-old Jennifer Reixach, who graduated from UF in 2005.

"Why would it be necessary to use a Social Security number instead of something else?" asked Reixach, pointing out that students were given ID numbers. "It's just silly.

Reixach of Pembroke Pines did not know if her information had been on the site, but she said she planned to check.

"It's negligence on their part, especially if anyone has been affected with identity theft," she said.

UF is constantly combing through pages on the school's site and making sure personal information isn't accidentally posted, Orlando said.

"We're in the process of strengthening some of those policies regarding what information can be posted and what security measures should be in place," he said.

Letters were mailed to all students whose information was on the site except for about 570 students for whom the university had no contact information.

Newstex ID: KRTB-0123-25917844