UGA investigating online exposure of personnel information

Athens, Ga. ­– The University of Georgia recently discovered a data file on a publicly available Web server that contained sensitive personnel information on 18,931 members of the faculty and staff employed at the institution in 2002. The university took the information off-line immediately upon learning of the exposure and began conducting an investigation.
The file, created for legitimate internal administrative purposes, was accessible on the web from 2008 to 2011, and possibly dating back to 2002. The file included the social security number, name, date of birth, date of employment, sex, race, home phone number and home address of individuals employed at UGA in 2002.
“We deeply regret this situation and will take steps to notify and support the affected current and former faculty and staff,” said Timothy Chester, chief information officer.  Those affected will be notified by mail or other means for which a contact can be developed.
“We will continue to investigate the details surrounding this situation and we are working with a third-party firm who is assisting in the investigation and conducting an assessment of our infrastructure and practices to reduce the risk of a further occurrence,” added Chester.
Anyone employed at UGA during 2002 should take appropriate steps to guard against identity theft by using the guideline outlined on this website:
Additionally, those affected should review the information contained in http://www.infosec.uga.edu/sate/idtheft.php to learn more about recommended precautions. By following the steps recommended, individuals can minimize the risk of identity theft.
Comprehensive information on this incident, including a frequently asked questions guide, is available at http://fraudconcerns.uga.edu or by contacting the University of Georgia via the EITS HelpDesk at 706/542-3106 or helpdesk@uga.edu.