By Melissa Boyd (Whetstone Staff Writer)

EducationStorySpreadsheet_568x314Last fall, senior Brittany Phillips searched “praxis scores” on the Wesley server and saw her own scores, as well as those in her class that were education majors.

“I didn’t speak to any of my professors about this issue,” she said. “When speaking with my classmates last fall, one of them volunteered to bring it to their attention on behalf of everyone in my class.”

Records included praxis score reports for both elementary education K-8 and physical education majors, as well as field placement reports.

Department chair Jill Cole said she is unsure of exactly how many students’ records were publicly available because the Information Technology department took down all of the records as soon as a News Journal journalist asked about the records.

“By the time we found out, it was already taken down,” she said. “All of our files were on the educational server, which is a secure server.”

Jody Sweeney, chief information officer, said about 3,000 files were involved.

“Leading up to the accreditation visit last fall, Information Technology was asked to update these files on an outside facing server so that the NCATE [National Council for Accreditation of Teacher Education] evaluators could review them,” he said. Sweeney said the education department neglected to remove student names and other personal data.

He said the server wasn’t publicized, but that Google’s web searcher, WebCrawler, found the files under a folder titled, “NCATE,” and alerted the News Journal reporter because of her request for all Wesley College files as Google finds them.

“IT suggested early in the process that this was not a truly secure method of sharing files,” he said.  “We will not handle this situation in the same manner the next time, choosing instead to utilize one of the secure Cloud services available to the College on a free basis.”

Dr. Patricia Patterson, NCATE coordinator for Wesley and an education professor, however, said the files were not related to NCATE.

“We used a password-protected website that IT set up for us for NCATE,” she said. “We would never use student names for NCATE. We report mean score, never individuals’ data. These records were for our records.”

Cole said that no students or parents have contacted her about the issue but that administration told her they notified the students whose records were uploaded.

“We double-checked with our IT department to make sure that our education server is now secure,” she said. “The IT department dealt with the issue promptly.”

Sweeney said the IT department takes information security seriously.

“When future needs require the sharing of files with outside organizations for a legitimate reason, IT will be sure to provide a secure, non-public facing mechanism to accomplish that task,” he said.

“We stand ready to assist any department with their data security needs.

Phillips said she received an email alerting them of the breach, telling her the issue was found and fixed.

“I felt uncomfortable with the fact that my scores were public without my permission,” she said. “However, the only people who would have seen them would be people who specifically searched ‘praxis scores’ on Wesley’s website. I feel like there was minimal exposure to the public and the scores were not intentionally publicized.”