Cybersecurity stock

COLUMBIA — About 3,000 South Carolina college scholarship recipients had their personal information exposed online for nearly a year, state regulators revealed Monday.

Letters notifying affected Palmetto Fellows scholarship awardees were mailed Sunday, the S.C. Commission on Higher Education said.

A glitch in switching programs exposed personal data, including names, addresses and Social Security numbers since May 2017, the commission said.

The agency learned about the problem when a scholarship recipient reported Wednesday finding their information during a web search. The commission removed the information usually available just to colleges. 

A review found two or three instances of unauthorized access while the data was available online, but it remains unclear who saw the information or whether any details have been used by identity thieves, the commission said.

The data could be found only with a detailed web search, the agency said.

The S.C. Department of Consumer Affairs and national credit rating agencies were notified about the data exposure. The State Law Enforcement Division said it is working with the commission to examine the exposure. 

"While there is no evidence at this time to suggest that your information has been, or will be, used in any malicious way, we wanted to notify you of this incident out of an abundance of caution and in accordance with our commitment to transparency," the college commission said in its letter to people affected by the information exposure.

"On behalf of the S.C. Commission on Higher Education, we offer our sincerest apology that this unfortunate incident occurred," the letter said.

South Carolina went through what is believed to be the worst online security breach at a state agency when information belonging to 6.4 million taxpayers and businesses was stolen by a hacker in 2012 from the Department of Revenue.

The last reported data leak from a state agency came from the Department of Employment and Workforce in 2013 when an employee allegedly downloaded the personal information of more than 4,500 current and former employees, according to a database from California consumer advocacy group Privacy Rights Clearinghouse.

Follow Shain on Facebook and Twitter

Columbia Bureau Chief

Shain runs The Post and Courier's team based in South Carolina's capital city. He was editor of Free Times and has been a reporter and editor for newspapers in Charlotte, Columbia and Myrtle Beach.