The breach occurred when a programmer inadvertently saved an internet test file on a public server in January 2010, the university said in a statement.
In addition to the personal information of the 3,000 faculty members, the file contained similar information on 500 sole proprietors who do business with the university, according to DataBreaches.net.
The file remained on the public server for two years until it was discovered because Google indexed it, Columbia explained. The university said it was informed of the breach on April 16 and immediately secured the file and removed it from Google’s index.
The university’s logs indicate that the file was not accessed between January 2010 and March 10, 2012, when it was first indexed by Google, according to DataBreaches.net. “We do not have evidence of wrongdoing or identity theft”, Columbia said on its website.
“Information security is a serious issue for the university. Columbia continues to strengthen its measures to protect sensitive information, including the implementation of additional tools to search for sensitive information inadvertently placed in locations that are not secure. Columbia is also strengthening its policies and procedures on where sensitive information should be stored on its systems”, the university said.