UF officials mailed letters to more than 11,000 current and former students of the College of Liberal Arts and Sciences Tuesday to inform them that their private information, including Social Security numbers, was posted online and may have been accessible to the public.
Computer forensics have determined with near certainty that no one had inappropriately accessed the information, said Steve Orlando, UF spokesman.Names and addresses were also collected and posted by two former student employees of the Office for Academic Support and Institutional Service, or OASIS, on a Web page they created in the UF system.
The employees wanted to be able to access the information off campus but did not secure it, according to a Tuesday UF news release.
The data was collected from students who wanted to schedule tutoring. The page was used between 2003 and 2005 and was potentially accessible to anyone until it was discovered and removed in May.
Officials are trying to determine why Social Security numbers were collected, Orlando said.UF used Social Security numbers to identify students until 2002, when students were given a UFID number. It's possible that there had been confusion over whether it was still appropriate, he said.
The UF Privacy Office would not comment to the media Wednesday.
The breach was discovered in an ongoing effort that began last year to audit all information on UF systems. Orlando said it is likely that more breaches will be discovered as the audit continues.
This is the largest privacy breach discovered at UF, he said. By Wednesday afternoon, UF officials had received about 170 phone calls, and the Privacy Office Web site had 2,700 hits.
Officials could not find contact information for about 570 students who may have been affected.
Johann Arias, a spring CLAS graduate, had not heard about the breach Wednesday and said UF should be doing more to notify those affected.
"They always make information very prominent when you have a hold or owe them money," Arias said.
The privacy breach is not unique to UF. In a similar situation Wednesday, the Columbia Daily Spectator reported that the Social Security numbers of 5,000 current and former Columbia University students had been posted online. Columbia arranged two-year subscriptions to a credit-monitoring service for the affected students, the paper reported.
Orlando said UF officials discussed a similar offer, but it was shot down because research shows identity theft is unlikely in a situation like this, and it would cost about $32 per subscription.
Students who do not receive a letter but suspect that their information may have been compromised should visit privacy.ufl.edu and call UF's Privacy Office Hotline at 866-876-HIPA.