Thousands who received payments from the University of Arizona last school year are at risk of identity theft after their personal data was mistakenly put online for more than a month during an upgrade of UA's financial systems.
About 7,700 vendors, consultants, guest speakers and UA students had their names and Social Security numbers compromised in the incident that occurred in February and early March, a school official said.
The problem came to light when a UA student Googled herself and her private information popped up on a UA computer server accessible to the public, said Cathy Bates, the university's information security officer.
The sensitive data was embedded within a larger set of files being transferred to the UA new financial system, Bates said. Officials mistakenly thought they contained only public information, so the server was set up for public access.
Upon investigation, the UA learned the personal data belonged to several thousand people who had submitted their names and tax ID numbers to the university to receive payments or reimbursements.
Further checking showed some of the personal data had been accessed by strangers in cyberspace, Bates said.
She said UA has taken steps to prevent a recurrence, and is offering a free year of credit monitoring to those affected. A letter announcing the remedy was sent to victims in May. But many assumed the offer was shady, so UA recently sent a follow-up letter to assure them it's bona fide, Bates said.
Those with questions can call UA's incident contact line at 621-4746.
Contact reporter Carol Ann Alaimo at firstname.lastname@example.org or at 573-4138.