A state audit found that personal and financial information for students considering attending the University of Maryland were stored on publicly accessible servers that could make students easy prey to ID thieves.

Student names, Social Security numbers and even some credit card numbers were stored without encryption on a university Web server.

The university system’s own guidelines require such nonpublic information be deleted or encrypted to prevent security breaches. This type of student data “is commonly sought for use in identity theft,” the audit pointed out.

The audit covered the university system from February 2008 to March 2011.

According to a university system spokesperson, no prospective student data was compromised while on the publicly accessible server.

Read more here.