BLOOMINGTON, Ind. – Indiana University says it has spent more than $80,000 responding to a computer data breach that exposed personal information of some 146,000 current and former students.
The university reported last month that information, including names, addresses and Social Security numbers of those who attended any of the university’s campuses from 2011 to 2014, was unsecured for more than 11 months because security protections weren’t working correctly.
An investigation hasn’t yet turned up evidence that any information has been compromised or improperly used, university spokesman Mark Land told The Herald-Times.
A call center number (866-254-1484) set up for questions about the data breach will remain active through at least this week, Land said. It has received about 950 calls so far, with roughly half coming on the first day.
About 700 personnel hours by IU employees have been spent so far on its response, Land said.
IU officials believe that no outside person had accessed the encrypted data. The information was immediately secured, and officials are looking at all processes to make sure that it doesn’t happen again, Land said.
He said three “web crawlers,” or data-mining applications, had accessed the data. The crawlers were one for Google, one for a search engine that no longer exists and one for Baidu, a Chinese search engine, he said. Land said Google has since cleared the information.
University officials notified all those involved, primarily by email, Land said. About 6,200 people didn’t have emails on file with the university, so IU spent more than $6,000 to mail out letters.
The call center was contracted by the university at $75,000, he said.