"The incident cost the university about
He said there were no reports that anyone's identity was stolen due to the exposure.
The data breach in February exposed personal information from 146,000 students and recent graduates. Information such as names, addresses and
Land said the cost of a call center to answer questions and of mailing notification letters ended up being less than expected. Originally, the call center was expected to cost
The exposure happened when an authentication point was not working. The student data was encrypted so it couldn't be read easily, IU officials said at the time. Only three "web crawlers" -- automated computer data mining applications -- were found accessing the information.
Land said the cost of the call center and the mailings were paid for by University Student Services and Systems, where the exposure happened. He said the salary and benefits were not added costs due to the breach.
The call center began in late February and closed on
Although many in the exposed group were notified via email, Land said IU mailed notification to those who no longer had emails on file with IU.
Land said after the incident was reported to the state attorney general's office, IU worked internally to make about eight action points, mostly about staff training, to prevent a future exposure. The corrective steps also included raising awareness of the issue with all employees, Landsaid.
(c)2014 the Herald-Times (Bloomington, Ind.)
Visit the Herald-Times (Bloomington, Ind.) at www.heraldtimesonline.com
Distributed by MCT Information Services