HONOLULU, Hawaii. The University of Hawaii-Manoa and has breached the personal information of 40,101 students who attended between 1990-1998 and 2001 and West Oahu in the fall of 1994, or who graduated between 1988-1993. The information included names, social security numbers, dates of birth, addresses, demographic, and detailed academic performance data. These UH students are at increased risk of identity theft and fraud. The information was posted on an insecure, unencrypted University of Hawaii-West Oahu (UHWO) website for almost a year. This latest breach follows on the heels of a May, 2010 breach involving 53,000 students, and a 2009 breach involving 15,487 parents and students. You may Download the MP3 of the Liberty Coalition's Nov. 3, 2010 Press Conference.
The vast majority of the breached information was placed online on November 30, 2009 at 2:46pm by a now-retired Institutional Research Office (IRO) faculty member, as a part of a study to figure out why students drop out. The faculty member had intended to use the information to replicate a 15-year-old study, but he retired before completion. He also said he had transferred large amounts of student information to his home computer for easier access. He deleted the remainder of this information after this breach came to light. The University of Hawaii has not commented on whether other faculty members student personal information to their home computers.
The majority of the 40,000+ records are in-depth student statistical data including things like Gender; Marital Status; Number of Dependent Children; Existence of a Physical, Hearing, Mobility, Learning, Psychological, Visual Disability or Traumatic Brain Injury; and Highest Level of Education Attained by each Parent. Three of the other names and SSNs were in a grading sheet from a 2006 PSY 606 class.
The Liberty Coalition discovered the files using a Google search. University officials took the files offline within hours after the Liberty Coalition alerted them, immediately began an internal investigation, and reported the incident to the FBI and local law enforcement. University officials have issued a media release about the breach and mailed letters to the last known addresses of victims.
The Registrar's Office encourages students to report breaches of the Family Educational Rights and Privacy Act to the U.S. Department of Education Family Policy Compliance Office: 400 Maryland Avenue, SW, Washington, DC 20202-4605. PH: (202) 260-3887 or FAX: (202) 260-9001. Students may also ask for a hearing before the Dean of Students by completing FERPA Form 7. Some alumni have started a victim's Facebook Page
Alumni can do the following things:
In addition to names, social security numbers and dates of birth, some or all of the following information was breached for each student:
The information on this page was compiled by the Liberty Coalition, which bears sole responsibility for its accuracy.