The largest employer in St. Joseph County is telling some of its workers, past and present, that it compromised their personal information.

The University of Notre Dame says they accidentally posted a list of a number of employees' names, social security numbers, and birth dates on the internet.

They’re notifying affected employees through the mail.

At this point, the university doesn't know of any cases of identity theft as a result of the breach.

In a letter sent to affected employees, the University says it’s unknown if anyone ever accessed the list online, and that it’s “indeterminate” how long it had been posted on the web.

It's been taken down now, and the university says they’re updating the technology to make it more difficult for someone to make the same mistake.

While many affected employees WNDU has spoken with are frustrated and worried about identity theft, one big question is; how did this happen?

“There's nothing to suggest it was malicious or intentional I think it was just an accident,” said Thomas Gresik, President of the Notre Dame Faculty Senate.

Notre Dame says it was a human error. A digital folder that really should have stayed in a secure space was accidentally saved in the “directory” of the human resources website.

The directory stores the information for the site, and is accessible through the internet. But, it's not what you see when you visit the regular website.

Spokesman Dennis Brown says the list was removed after being found by a routine security check; so it's possible it may have never been accessed by anyone outside the university.

The university is recommending employees check their credit score, and a local officer who investigates identity theft agrees.

“It could be as simple as a 10 second leak to a 2 day leak to a site on an area of the site no one goes to anyway, but you (never know if anyone saw it),” said Sgt. Dominic Zultanski with the South Bend Police Department.

Sgt. Zultanski checked his credit score Monday. He also got a letter because of his part-time work at Notre Dame.

“You can go online through www.annualcreditreport.com to get all three credit bureaus to give you a copy of your report. That is the minimum that needs to be done,” Sgt. Zultanski said.

The university has gone above what's required. They're also paying for credit monitoring for anyone involved, as long as they request it.

“I think this is an isolated incident, but it’s important for the university to step up and make sure that there aren't individual costs imposed on faculty, staff, and students who have been affected by this,” Gresik said.

University spokesman Dennis Brown wouldn’t tell WNDU how many employees were affected, but he says they were from multiple departments.

WNDU spoke to about a dozen employees Monday, and all of them received letters saying they were on the list.

The university says they’re also looking into the possibility of covering some of the costs to employees if there is any identity theft because of this incident.

Sgt. Zultanski says employers are not legally required to do much beyond telling people their information was compromised, and that an employer paying for the credit monitoring is actually kind of unusual.

He also says a recent change in state law was meant to address situations exactly like these, ensuring it was reported to those whose information was compromised. He also said that these types of exposures are not that unusual.

“Before, if an entity makes a mistake or did something where things are posted; they'd simply correct the problem and go, ‘Oh, I hope nobody finds out,’” Sgt. Zultanski said.