Data breach affects LECOM students [Erie Times-News, Pa. :: ]
(Erie Times-News (PA) Via Acquire Media NewsEdge) May 18--Lake Erie College of Osteopathic Medicine students' names and Social Security numbers were inadvertently posted on the Internet in April and accessed by Google's search engine.
The data breach originated from Hubbard-Bert Inc., an Erie business that provides health insurance to LECOM students, said Pierre Bellicini, LECOM spokesman.
"It was not a breach of LECOM computers," Bellicini said. "But we have taken action."
Bellicini referred other questions to Hubbard-Bert, including how many students were affected by the data breach.
Dave Ciacchini, president of Hubbard-Bert, said the company would not comment on the data breach unless LECOM officials authorized him to do so. Bellicini indicated the medical school would not do that.
Posting students' names and Social Security numbers online puts those students at risk of identity theft, said John Abel, senior deputy attorney general for the Pennsylvania Bureau of Consumer Protection.
"The main concern is that bad guys get this information and use it to apply for a credit card," Abel said. "They might even assume your identity and do things like file for bankruptcy or run up large credit card bills."
The data breach was first discovered by a LECOM student, according to an e-mail that Joe Kelly, Hubbard-Bert vice president, sent to LECOM students April 25.
"There was inappropriate access by the Google search engine to our nonactive working server," Kelly said in the e-mail. "A test sampling of students' names and Social Security numbers was inadvertently accessed by Google."
Hubbard-Bert worked with Google to remove the names and numbers from their web servers, Kelly said in the e-mail. Google first accessed the servers on April 14, and Kelly said in the April 25 e-mail that the information could remain on the servers for "an additional eight days."
Bellicini said the students' names and numbers are no longer on the servers.
Hubbard-Bert is offering the affected students one year of credit monitoring, a gesture similar to one made by the University of Pittsburgh Medical Center after a data breach compromised the personal data of at least 27,000 UPMC employees.
"The insurance company should be credited for offering the credit monitoring," Abel said. "Students who are affected should take the company up on its offer or visit www.annualcreditreport.com for a free credit report. Review the report and make sure there is nothing suspicious. If there is, dispute it in writing."
DAVID BRUCE can be reached at 870-1736 or by e-mail. Follow him on Twitter at twitter.com/ETNbruce.
(c)2014 the Erie Times-News (Erie, Pa.)
Visit the Erie Times-News (Erie, Pa.) at www.GoErie.com
Distributed by MCT Information Services
[ Back To TMCnet.com's Homepage ]