Alabama’s Jacksonville State University is investigating a fraudulent website that is illegally exposing protected student information.

According to a report from The Anniston Star, university officials say the information was likely stolen from JSU’s database. The website, which is not being identified, allows users to search for students’ personal information, beginning with student names, to provide access to ID photos, addresses, birth dates, phone numbers, student ID numbers, fraternity and sorority affiliation and other information. Personal information for some former students, faculty and staff also appear on the site.

When questioned as the reason behind the posting of the student information, an email address associated with the website sent the following message to The Anniston Star:

“The website is intended to be a safe yet intriguing lesson to universities and other academic institutions to value their students’ personal information. We live in an age where records that were once on paper protected by security guards are now digitized protected by nothing. I believe among the responsibilities of any organization that one belongs to is the protection of their subjects’ personal information. Jacksonville State University among others have failed to honor this responsibility.”

An official statement made by Jacksonville State University confirms that the website contains personal information of students, including phone numbers, addresses, birth dates and ID photos. University officials say that the matter is being investigated internally, as well as by state and federal law enforcement agencies.

In the meantime, the university is advising students to change their university login and email passwords. The suspected hacker has since updated the site to exclude students’ street addresses, though city and state of residence are both still listed.

This latest hack comes just a few short weeks after a large breach at the University of Central Florida, where the Social Security numbers and student ID numbers of some 63,000 students, faculty and staff were compromised.