Cal Poly Pomona is notifying 38 current and former faculty members in the College of Business Administration that their personal information was unintentionally made accessible to people within the college.
The university¿s Information Security Office was alerted of the breach Aug. 2, and officials immediately deleted files and restricted access to the shared network. Letters and emails notifying the 38 affected people were sent Aug. 8.
The initial investigation found that a staff member placed two documents containing full names and Social Security numbers in a folder in a shared network, unaware that it could have been accessed by students, faculty and staff members in the college.
The documents, which were located at least three levels deep in the shared network, was used for normal administrative purposes.
There is no indication that the personal information was targeted, copied or will be used for any unlawful purpose. In addition, the information was not on a public network.
The breach of data has prompted an internal review of university policies and procedures regarding the storage and handling of confidential information. The university is in the midst of implementing a multiyear and multi-layer program to bring all computers and servers to an optimal level of security. The Information Security Office is also extending its continuing education program to 600 employees with access to confidential data.