Personal and financial information of 3,000 current and former employees of Columbia University and 500 other individuals have been available online from January 2010 to March 10, 2012, according to a breach notification sent out by the education institution last week.
The file containing names, addresses, Social Security numbers and bank account numbers (but not the names of the banks or the routing numbers) of the affected individuals ended up online after a programmer saved it by mistake on a public server, and Google expectedly indexed it.
Still, it took over to years to discover them mistake – presumably, after one of the affected individuals was shocked to discover the information when doing some online reputation checking? – and the file was finally pulled and deleted from Google’s Index.
Even though access logs for the file say that it was not accessed by anyone while it was online, the university – likely schooled by four similar incidents that happened to it in the last seven years – has promptly notified the victims about the matter, apologized, and offered a free two-year subscription to a credit monitoring system to each of them.