IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Data Breach Affects Students at Lake Erie, Pa., College of Osteopathic Medicine

Google's search engine accessed the names and Social Security numbers of students' whose information was inadvertently posted on the Internet.

Lake Erie College of Osteopathic Medicine students' names and Social Security numbers were inadvertently posted on the Internet in April and accessed by Google's search engine.

The data breach originated from Hubbard-Bert Inc., an Erie business that provides health insurance to LECOM students, said Pierre Bellicini, LECOM spokesman.

"It was not a breach of LECOM computers," Bellicini said. "But we have taken action."

Bellicini referred other questions to Hubbard-Bert, including how many students were affected by the data breach.

Dave Ciacchini, president of Hubbard-Bert, said the company would not comment on the data breach unless LECOM officials authorized him to do so. Bellicini indicated the medical school would not do that.

Posting students' names and Social Security numbers online puts those students at risk of identity theft, said John Abel, senior deputy attorney general for the Pennsylvania Bureau of Consumer Protection.

"The main concern is that bad guys get this information and use it to apply for a credit card," Abel said. "They might even assume your identity and do things like file for bankruptcy or run up large credit card bills."

The data breach was first discovered by a LECOM student, according to an e-mail that Joe Kelly, Hubbard-Bert vice president, sent to LECOM students April 25.

"There was inappropriate access by the Google search engine to our nonactive working server," Kelly said in the e-mail. "A test sampling of students' names and Social Security numbers was inadvertently accessed by Google."

Hubbard-Bert worked with Google to remove the names and numbers from their web servers, Kelly said in the e-mail. Google first accessed the servers on April 14, and Kelly said in the April 25 e-mail that the information could remain on the servers for "an additional eight days."

Bellicini said the students' names and numbers are no longer on the servers.

Hubbard-Bert is offering the affected students one year of credit monitoring, a gesture similar to one made by the University of Pittsburgh Medical Center after a data breach compromised the personal data of at least 27,000 UPMC employees.

"The insurance company should be credited for offering the credit monitoring," Abel said. "Students who are affected should take the company up on its offer or visit www.annualcreditreport.com for a free credit report. Review the report and make sure there is nothing suspicious. If there is, dispute it in writing."

©2014 the Erie Times-News (Erie, Pa.)