Indiana University says it is informing about 146,000 students and recent graduates in its seven-campus system that their personal data were inadvertently exposed to automated webcrawling programs since last March.
Files including students’ names, addresses and Social Security numbers — stored in an unsecure location — were accessed three times by automated data-mining applications, which are used to improve Web searches, the university said Tuesday.
No servers or systems were compromised, and the information “was not downloaded by an unauthorized individual looking for specific sensitive data,” the university said in a news release.
“This is not a case of a targeted attempt to obtain data for illegal purposes, and we believe the chance of sensitive data falling into the wrong hands as a result of this situation is remote,” said James Kennedy, the school’s associate vice president for university student services and systems. “At the same time, we have moved quickly to secure the data and are conducting a thorough investigation into our information handling process to ensure that this doesn’t happen again.”
The university said it notified the Indiana attorney general’s office about the exposure Tuesday.
The data includes students in the IU system from 2011 to 2014.