Dec. 7, 2007
Error exposes data on law school computer network
Some faculty, staff and students in the University of Iowa College of Law had the ability to access restricted information on the college's computer network, likely as the result of a technological error that occurred earlier this fall and has since been corrected.
"We know that a file containing information about one course was accessed, but it did not contain any personal identifying information," said Steve Fleagle, the university's chief information officer. "Because of that, we believe the risk of any kind of identity theft resulting from this technical malfunction is extremely low."
Fleagle said the data was likely exposed in September, when a change in the security settings of a network folder triggered the error and allowed access to other files on the law school's network that did contain personal identifying information. While some students were supposed to have access to the single spreadsheet file, the security malfunction allowed other students to obtain access privileges as well.
The malfunction also meant that all of the students with access to the spreadsheet had access to the other files. Kirk Corey, the College of Law's information technology director, estimates about 125 students could have accessed the files. The files contain information about current students, as well as from some past students and prospective students going back to at least 1998.
The exposure came to the attention of law school administrators Nov. 30 and security settings were immediately changed to protect the personal information.
Corey said there is no indication that other information was accessed. "The spreadsheet file that was accessed contained only the names of students and their assignment scores," he said. "It did not contain grades, Social Security numbers, or any other kind of identifying information. Although unauthorized individuals could view these scores, they could not forge or alter them."
He said the affected files could only be accessed through university computers.
"We are deeply concerned that this happened, and we want our students and alumni to know we are working hard to make sure their personal information was not taken for misuse and that this kind of incident will not happen again," said Carolyn Jones, dean of the College of Law.
STORY SOURCE: University of Iowa News Service, 300 Plaza Centre One, Iowa City, Iowa 52242-2500MEDIA CONTACTS: Steve Fleagle, Information Technology Services, 319-384-0595, email@example.com; Carolyn Jones, College of Law, 319-335-9034, firstname.lastname@example.org; Kirk Corey, College of Law, 319-353-5512, email@example.com; Tom Snee, University News Services, 319-384-0010, firstname.lastname@example.org