Quick Facts

• Date: 12/31/2008
• Institution: Ohio State University
• Type of Incident: Unauthorized Disclosure
• Number Affected: 18,000
• Source: Pogo Was Right
• Abstract Source: Columbus Dispatch

Abstract
Ohio State University is working to notify current and former students after student personal information was found accessible via the Internet. The information, including Social Security numbers, names, address and enrollment dates, was accidentally placed on a server exposed to the Internet. OSU has traced the mistake to a third-party vendor working with the university's student health insurance program. The breach appears to have affected 18,000 students enrolled in the insurance program from Fall 2005 to Summer 2006. OSU is offering these individuals 12 months of free credit monitoring. According to OSU officials, the university became concerned in September when students began contacting the university after finding their personal information online. OSU has setup a web site - www.studentlife.osu.edu/dataexposure/ - with more information on the incident.