Liberty Coalition reminds affected individuals to get informed about UH privacy leak

Hawaii Independent Staff

HONOLULU—Last November, the University of Hawaii at Manoa breached the personal information of 40,101 students who attended between 1990-1998 and 2001, including names, social security numbers, dates of birth, addresses, demographic, and detailed academic performance data.

Civil liberties group Liberty Coalition is sending out a reminder that these UH Manoa students are at increased risk of identity theft and fraud. The information was posted on an insecure, unencrypted UH West Oahu website for almost a year. Some of the affected alumni attended UH West Oahu. Alumni attending other years and on other campuses may have also been affected by the breach. This latest breach follows on the heels of a May, 2010 breach involving 53,000 students, and a 2009 breach involving 15,487 parents and students.

Liberty Coalition will hold a conference call and answer questions on Wednesday November 3 at 10:30 a.m. Hawaii time. Dial: (610) 214-0200, Code: 863597#.

Aaron Titus, Liberty Coalition’s Information Privacy Director, discovered the breach.

The vast majority of the breached information was placed online on November 30, 2009 at 2:46 p.m. by a now-retired Institutional Research Office (IRO) faculty member, as a part of a longitudinal study, Titus said in a statement. The faculty member had intended to use the information to replicate a 15-year-old study, but he retired before completion. The faculty member also told the Liberty Coalition that he had transferred large amounts of student information to his home computer for easier access. He deleted the remainder of this information after this breach came to light.

Liberty Coalition said the majority of the over 40,000 records are in-depth student statistical data including things like gender; marital status; number of dependent children; existence of a physical, hearing, mobility, learning, psychological, visual disability or traumatic brain injury; and highest level of education attained by each parent.

Titus discovered the files using a Google search. University officials took the files offline within hours after the Liberty Coalition alerted them, immediately began an internal investigation, and reported the incident to the FBI and local law enforcement. University officials will issue their own media release about the breach and will directly notify all the individuals who may be affected.

Although the breach was inadvertent, several aspects of the events violate the Family Educational Rights and Privacy Act (FERPA) and the University’s Privacy Policy.

The UH Registrar’s Office encourages students to report failures of this sort to the U.S. Department of Education Family Policy Compliance Office: 400 Maryland Avenue, SW, Washington, DC 20202-4605. Call (202) 260-3887 or fax (202) 260-9001. Students may also ask for a hearing before the Dean of Students by completing FERPA Form 7, “Request for Hearing.”

Individuals with questions should visit nationalidwatch.org to find out whether they were affected, read UH’s announcement, and call the University of Hawaii West Oahu ID Alert Hotline at (808) 956-6000.