Cal Poly Pomona is notifying 675 former student applicants that their personal information was inadvertently accessed. The information includes names, addresses, phone numbers and Social Security numbers; no financial data was involved. After a comprehensive review, there was no indication that anyone other than the individual who alerted the university had accessed the data.
On Nov. 17, a former student notified the university that he accessed an Excel file containing his personal information. He came across the file while searching Google for information about himself. This file contained the personal information of applicants from 2001 and was stored on an old server scheduled for replacement in 2009. The university took immediate action to secure the file and remove the data. The Information Security Office began an investigation and determined that this data breach was unintentional as the file had been mistakenly placed in a publicly accessible folder.
As a matter of caution, the university is alerting those individuals whose personal information was in the accessed file.
“We sincerely regret that this data was not secure,” said Dr. Debra Brum, vice president for Instructional and Information Technology. “Everyone at the university plays a role in protecting personal information, and we take this responsibility very seriously.”
Cal Poly Pomona is constantly reviewing its information security program and controls. The university is in the process of implementing a multiyear and multi-layer program to bring all computers and servers to an optimal level of security.