The Associated Press
BLOOMINGTON, Ind. - A Web surfer in Sweden got into an unprotected Indiana University computer, removing more than 3,000 student names and identification numbers while leaving behind a cache of downloaded music files.
University officials believe the student data was taken by accident, since the person was looking for computer space to store the MP3 files.
"It's a common trait for students to look for storage space on the Web," said Perry Metz, associate vice president of the university's Bloomington campus. "They go to Napster, find all these music files, then need a place to store them."
The university server was unprotected Feb. 6 because the system had crashed and the person who normally fixes it was out sick, Metz said. Another employee who brought the system back up reconfigured it improperly, leaving out security safeguards, he said.
The computer used to access the university's server was traced to a university in Sweden.
"When they found this open server, they used it to store and then re-access a lot of music and video files," Metz said. "It was only in passing that someone exported this data file."
The data file contained the names of 3,100 graduate students, along with many of their Social Security numbers. Letters were sent to affected students Friday.
There was no indication that any of the information had been used improperly, Metz said.
"My hope is that when they saw it wasn't a music file, they simply deleted it," he said.
Graduate student Garvey Pyke said he spent much of Saturday sorting through his financial information to prevent any problems.
"I couldn't believe how violated I feel by the university, that they didn't protect my private information," he said.
University police were investigating and the FBI was notified, Metz said.