Miami University of Ohio, 21,762 SSNs, Staff
Miami University is notifying all students who attended Miami during the fall 2002 semester that a report containing their names, Social Security numbers and grades had been inadvertently placed in a file accessible through the Internet.
University officials said that at this point they have no evidence of illegal use of the information, which included data on the 21,762 students enrolled on all Miami campuses in fall 2002. No other students were affected.
Officials say the information was in an isolated area of the university’s network, in a file assigned to a now-retired faculty member, and thus avoided detection until this week when an alumna told Miami she had discovered the file after entering her name in a search engine.
(From “Miami notifying students, alumni of privacy breach,” via Chris Walsh.)
Of course they have evidence of illegal use of the information. The information was posted in direct violation of FERPA. Granted, I think enforcement of FERPA is civil, not criminal, but still. The thing speaks for itself. I hope the students make use of their rights under FERPA and sue the hell out of MU.