The personal information of some 3,200 S.C. college freshmen, including their Social Security numbers, was left exposed on a state agency’s website for more than nine months until the error was caught last week.
The Commission on Higher Education sent letters Sunday to recipients of its 2017 Palmetto Fellows Scholarships notifying them of the “unauthorized exposure,” which the agency attributed to a coding error made last May by a former employee.
The error left the 3,200 award winners’ names, home addresses and Social Security numbers lying open on an agency web page, though the agency says that page was buried on its website and hard to find without a detailed search.
The commission says it learned of the exposure when a scholarship recipient found the page last Wednesday. An outside review found that fewer than five people had accessed the page, the commission said.
Social Security numbers were marked as "student identification" numbers on the page.
The commission said it sent the letters Sunday out of an abundance of caution.
“To be clear, investigators have found no evidence that malicious intent was involved with exposure of the database or that the exposed data has been used for identity theft or any other crime,” the commission said in its Sunday letter to scholarship recipients.
The agency said Monday the employee who made the error left his job months ago.
The exposed page was supposed to be password-protected, available only to commission staffers and South Carolina's colleges, who use the information to recruit the state's top students.
The exposure pales in comparison to South Carolina's largest data breach.
In 2012, hackers stole tax data from the S.C. Department of Revenue, making off with the financial data of 6.4 million state taxpayers and businesses.