The personal information of 364,012 current, former, and prospective students was accidentally exposed on Auburn University’s website for six months, The Birmingham News reports. The information may include the Social Security numbers of students who didn’t even apply to Auburn.
"We didn’t apply, we didn’t send our SAT/ACT scores, we have nothing to do with Auburn, and we’re angry," Lyndsay Medlin, a student at the University of Virginia School of Law, told the newspaper, referencing herself and three classmates who received letters from the college notifying them of the mistake.
Mike Clardy, an Auburn spokesman, confirmed that nonapplicants’ information had been exposed. The breach occurred as a result of how the university replaced a broken server.
Auburn has offered two years of free credit monitoring and identity protection to the individuals whose data were exposed.
"We have informed callers of the ways their information may have been included in our system, including information received from testing organizations," Mr. Clardy said. "Like most universities, we obtain information from the ACT and SAT organizations for recruitment purposes so we can send information to admissions prospects. This is separate from the records we also receive from the SAT and ACT as a part of admissions applications."
Read more at The Chronicle of Higher Education: http://chronicle.com/blogs/ticker/auburn-accidentally-published-personal-information-of-students-who-didnt-apply-to-auburn/96865