UF notifies students of online records privacy breach

June 10, 2008

GAINESVILLE, Fla. — University of Florida officials today mailed letters of notification to more than 11,300 current and former students regarding a privacy breach that resulted in names, addresses and Social Security numbers being posted online that may have been accessible to the public.

The student information was actively used from 2003 through 2005 and remained posted until it was recently discovered during a routine audit of UF systems. The information has been removed and is no longer available online or elsewhere in the UF systems.

The breach occurred when former student employees of the Office for Academic Support and Institutional Service, or OASIS, program created online records of students participating in the program. The student employees posted the information online so that they could work with it from remote locations, but they did not install security measures to keep others from accessing it as well, said Joe Glover, interim dean of the College of Liberal Arts and Sciences, or CLAS.

The university sent letters of notification to about 11,300 students whose information is believed to have been potentially compromised. University officials were unable to find contact information for about 570, so they are asking students who were enrolled in CLAS from 2003 to 2005 and did not receive a letter but who believe their information may have been compromised to call UF’s Privacy Office Hotline at 866-876-HIPA and provide the requested information. Anyone who thinks he or she may be one of the 570 people who were not notified is urged to go to http://privacy.ufl.edu and read the information posted there before calling the privacy hotline.