The file containing names, addresses, Social Security numbers and bank account numbers (but not the names of the banks or the routing numbers) of the affected individuals ended up online after a programmer saved it by mistake on a public server, and Google expectedly indexed it.
Still, it took over to years to discover them mistake - presumably, after one of the affected individuals was shocked to discover the information when doing some online reputation checking? - and the file was finally pulled and deleted from Google's Index.
Even though access logs for the file say that it was not accessed by anyone while it was online, the university - likely schooled by four similar incidents that happened to it in the last seven years - has promptly notified the victims about the matter, apologized, and offered a free two-year subscription to a credit monitoring system to each of them.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.