UF notifies thousands of possible breach of 'Grove' computer system

February 19, 2009

GAINESVILLE, Fla. — University of Florida officials are making every effort to notify more than 97,200 people that an intruder gained access to a computer system containing files with their personal information.

The files included the names and Social Security numbers of students, faculty and staff who used the “Grove” computer system between 1996 and 2009. When it was created, this system provided an online location for faculty to host course materials and class information, and it supported one of the few free e-mail services available to those on campus. Users of the computer system were required to verify their identification with their UF ID numbers, which in most cases were Social Security numbers. At the same time, some faculty housed class records that included student names and their UF ID numbers on the system. UF stopped using Social Security numbers as UF ID numbers in 2003.

The breach was discovered Jan. 14 during a systems review by an information technology staff member. The system was immediately shut down, and an investigation began. The investigation confirmed unauthorized access to the system, but it could not determine if files containing private information were accessed. The University Police Department was notified of the incident.

The computer system involved in this incident has been retired. The university is conducting an internal review to identify similar systems at the university that also could be vulnerable to illegal access. UF continually fine tunes its security protections and has increased efforts to identify potential threats and secure computer systems in recent years.

There is no evidence the intruder obtained any confidential information stored on the system, but the university urges anyone who believes his or her information may have been on this system to take appropriate precautions. Letters explaining what happened and how to guard against identity theft are being sent to those whose mailing addresses have been identified. Most of those are in Florida.

The university has no contact information for more than 5,000 people. Anyone who thinks he or she may be one of the 5,000 people who were not notified by mail should read the information provided on UF’s Privacy Web site at http://privacy.ufl.edu. Concerned individuals may also call UF’s Privacy Office Hotline toll-free at 1-877-657-9133.