Personal data may be at risk for 146,000 students and recent graduates of Indiana University, the school announced Tuesday.
The exposed information includes names, addresses and Social Security numbers for some students and alums who attended one of the school's seven campuses from 2011 to 2014.
Although the data was stored in an insecure location for the last 11 months, a university staffer discovered, no servers or systems were compromised.
The information was not downloaded by an unauthorized person looking for specific sensitive data, but rather was accessed by three automated computer data mining applications, called webcrawlers, used to improve Web search capabilities, according to a news release.
As soon as the university discovered the problem, staffers secured the data and say they see no signs that the records have been viewed or used for illegal purposes.
As a precaution, however, the university began notifying all affected students of the possible data exposure this week.
The university has created a website to answer questions about the data breach, and plans to have a hotline in place by Friday to help those affected.
“This is not a case of a targeted attempt to obtain data for illegal purposes, and we believe the chance of sensitive data falling into the wrong hands as a result of this situation is remote,” said James Kennedy, associate vice president for financial aid and university student services and systems. “At the same time, we have moved quickly to secure the data and are conducting a thorough investigation into our information handling process to ensure that this doesn’t happen again.”