Computer glitch exposes personal information at USC

  • BY NOELLE PHILLIPS
    nophillips@thestate.com
  • Posted: Saturday, March 5, 2011 12:01 a.m.
    UPDATED: Sunday, March 18, 2012 6:31 p.m.
  • Text size: A A A

Columbia -- The University of South Carolina experienced a computer security breach that exposed on the Internet the Social Security numbers and other private information of nearly 31,000 faculty, staff, retirees and students.

The breach was discovered in January on a computer server at USC Sumter, but it potentially affected people throughout the university's eight campuses.

It's not the first time USC has reported such a computer security breach, but this latest incident may be the largest.

"Letters went out as soon as individuals were identified," USC spokeswoman Margaret Lamb said Friday. "There is no evidence that anyone's personal information was compromised or used improperly. USC Sumter has addressed the matter, notified the individuals and provided them guidance on how to protect their information."

Still, USC Sumter didn't mail the letters until March 1, several weeks after the breach was discovered. Letters warned of the security breach and explained to those who might be affected how to check credit records.

"We've done everything we can do to address the matter," William T. Hogue, USC's vice president for information technology, said Friday.

Several people contacted The State after receiving letters on Thursday. They represented faculty, staff, students and university retirees, including some who studied and worked at the USC campus in Columbia but had never been affiliated with the Sumter campus.

The Columbia campus data was on a USC Sumter server because the university system's eight campuses share data and information for comparison, benchmarking and planning purposes, Lamb said.

The security breach was caused by human error, Lamb said, although the university would not provide details on how it happened.

The USC Sumter computer server where the information was stored was taken offline within two hours of the breach's discovery, Lamb said.

Letters were not mailed until March because the university wanted to identify the people affected, she added. They said, in part, that the university "has addressed the problem, and your information is no longer exposed."

The letter also recommends that its recipients place an initial fraud report on their credit reports and gives contact information for the three major credit bureaus. A fraud alert provides notice before any new lines of credit are opened. The university also wrote that it had a hotline where potential victims can receive further information.

However, callers are not receiving much information about what happened, said Paul Higgins, a retired sociology professor who taught at the Columbia campus. "I guess I'm a little bit disappointed that USC Sumter has provided so little information," Higgins said.