Skip to Content

Information Security Office

OSU students told that private information was on Internet
About 18,000 current, former students affected
Wednesday, December 31, 2008 11:01 AM
By Encarnacion Pyle

THE COLUMBUS DISPATCH
Ohio State University has notified 18,000 current and former students that their names and Social Security numbers were mistakenly stored on a computer server exposed to the Internet. A vendor doing work for Ohio State's student health insurance plan made the mistake. Only students enrolled in the school's insurance program from fall 2005 to summer 2006 are affected.

Ohio State officials said the students' personal information has been deleted from Internet search engines and they haven't heard of any cases of identity theft related to the incident. Still, the school is offering 12 months of free credit protection for those affected.

OSU officials became concerned when a small number of students said they had found their personal data on the Internet in September. Officials said the information was provided to a contractor to print student health ID cards and was never intended to be placed on an Internet-accessible server. The data included student names, Social Security numbers, addresses and coverage dates for those enrolled in the health insurance plan for three quarters in 2005-06. About 4,000 of the estimated 18,000 students affected are still enrolled at Ohio State.

Ohio State sent a letter Monday to those affected apologizing for the incident. The school also has created a Web site and hotline. The Web site is http://www.studentlife.osu.edu/dataexposure.