The University of South Carolina experienced a computer security breach that exposed on the Internet the Social Security numbers and other private information of nearly 31,000 faculty, staff, retirees and students.
The breach was discovered in January on a computer server at USC Sumter, but it potentially affected people throughout the university system's eight campuses.
It's not the first time USC has reported such a computer security breach, but this latest incident might be the largest.
"Letters went out as soon as individuals were identified," USC spokeswoman Margaret Lamb said Friday. "There is no evidence that anyone's personal information was compromised or used improperly. USC Sumter has addressed the matter, notified the individuals and provided them guidance on how to protect their information."
Still, USC Sumter didn't mail the letters until March 1, several weeks after the breach was discovered. Letters warned of the security breach and explained to those who might be affected how to check credit records.
"We've done everything we can do to address the matter," Dr. William T. Hogue, USC's vice president for information technology, said Friday in an e-mail.
Several people contacted the media after receiving letters on Thursday. They represented faculty, staff, students and retirees, including some who studied and worked at the USC campus in Columbia but had never been affiliated with Sumter.
The Columbia campus data was on a USC Sumter server because the university system's eight campuses share data and information for comparison, benchmarking and planning, Lamb said.
The security breach was caused by human error, Lamb said, although the university would not provide details on how it happened.
The USC Sumter computer server where the information was stored was taken offline within two hours of the breach's discovery, Lamb said.
Letters were not mailed until March because the university wanted to identify the people affected, she added. They said, in part, that the university "has addressed the problem, and your information is no longer exposed."
The letter also recommends that its recipients place an initial fraud report on their credit reports and gives contact information for the three major credit bureaus. The university wrote that it had a hotline where potential victims could receive further information.
However, callers are not receiving much information about what happened, said Paul Higgins, a retired sociology professor who taught at the Columbia campus.
"I guess I'm a little bit disappointed that USC Sumter has provided so little information to those of us whose confidential information has been compromised," Higgins said.
"This letter to me has not been sufficient."
Higgins said he called the credit bureaus and asked for an initial fraud alert to be put on his credit report. A fraud alert provides notice before any new lines of credit are opened.
The January security breach at USC Sumter is not the first time private information from university students, faculty and staff members has been exposed on the Internet. However, in other instances the university provided more detailed explanations.
In June 2008, the school warned 7,000 people that their personal information was on a desktop computer stolen from the Moore School of Business. At the time, Hogue said the university was in the midst of an overhaul of the campus-wide computer system. That incident was the third time in two years USC had experienced a major breach of security of its computer system.