Purdue data leak: Personal information of over 26000 prospective students exposed

• An employee accidentally sent a file containing personal data of 26,598 applicants to the parent of a prospective student.
• Applicants' full names, dates of birth and Social Security numbers were exposed.

Purdue University accidentally exposed the personal information of over 26,000 applicants after a file containing the data was mistakenly sent to the parent of a prospective student. An employee from Purdue's Division of Financial Aid accidentally sent the file with the personal data to the parent on May 17.

The file listed the names, dates of birth and Social Security numbers of 26,598 applicants.

The parent immediately notified the sender and cooperated with the university to destroy the file, Purdue Assistant Legal Counsel Trent Klingerman. Purdue is currently notified affected applicants of the incident, offering them one free year of credit monitoring and providing advice about identity protection.

“While Purdue regrets this error, we have no reason to believe the information was improperly accessed or used given the prompt and thorough cooperation of the recipient and the limited nature of the disclosure,” Purdue said in a news release.

The university has already filed a report with the state's attorney general office.

This isn't the first time Purdue University has suffered a security incident.

In April, Purdue University Pharmacy discovered an unauthorized remote access file installed on its systems that had been in place since September 2017. Patients' names, identification numbers, dates of birth, dates of service and medication were likely compromised. The compromised computer also contained Purdue identification numbers, diagnoses, treatment and amounts billed.

The following month, the security team found malware installed on a computer used to scan health insurance cards at the affiliated Family Health Clinic of Carroll County. In that case, the file was installed on March 15 while the computer contained sensitive information such as patients' names, health insurance data, Medicare numbers and driver's license numbers.