Indiana University discovered in May 2014 that files containing Social Security numbers and other personal data for approximately 146,000 current and former students had been inadvertently exposed on a publicly accessible server since at least January 2014. The files had been accessible to anyone who knew or found the URL for approximately six months before being discovered during an internal security audit. Indiana University disclosed the exposure in July 2014. Exposed data included names, Social Security numbers, and student ID numbers. The university notified all affected individuals, offered free credit monitoring, and worked to determine if the data had been accessed by unauthorized parties. Web access logs indicated some external access, but it was unclear whether the exposure was exploited maliciously. The incident was one of several higher education data incidents in 2014 and underscored the risks of improperly secured institutional data stores.