It says the data was accessed by three automated computer data mining applications, called webcrawlers, used to improve internet search capabilities.
The university says that once it discovered the possible exposure, it secured the data and has found no evidence that the files were viewed or used for inappropriate or illegal purposes. It says it will begin notifying all affected students of the possible data exposure this week.
It says it's also taking steps to help the students with credit monitoring.