The data of approximately 146,000 Indiana University students and recent graduates who attended the school from 2011 to 2014 was potentially put at risk, according to a press release from the university.
While the university has said that “no servers or systems were compromised,” administrators made the decision to “begin notifying all affected students of the possible data exposure this week,” the press release said.
A staff member discovered that data, including names, addresses and Social Security numbers, had been stored for the past 11 months in a location that was not secure. The university determined that data had been downloaded by three automated webcrawling programs and was not the target of an illegal attempt to gain information.
Still, the university “is committed to assisting those whose information was potentially exposed,” the release said. In response, the school will set up a call center by 8 a.m. EST on February 28 to handle questions from people whose information may have been compromised. It has also set up a website with credit monitoring tips and sent the names and Social Security numbers of those affected to all three major credit bureaus.