TEMPE, AZ (3TV/CBS5) -- Arizona State University has notified 4,000 students that their email addresses "were accidentally revealed" in a large data breach.
ASU told the students on Aug. 16 it happened in late July when a university office sent bulk emails about renewing health insurance coverage without masking the identities of the recipients.
Some of the email addresses revealed recipients' names, as well.
This unintended action is considered a data breach under the Health Insurance Portability and Accountability Act (HIPAA).
"The only items of protected health information (PHI) released were the students' email addresses. No other PHI was released," stated the school.
The university was able to limit the release of information by deleting more than 2,540 of the messages from ASU email inboxes.
More than 1,130 of those emails were unread.
ASU also says that procedures have been "revamped" to bolster protection of information, including establishing more review and approval levels for mass email distributions.
The student notification included details on assistance resources available to all ASU students, faculty, and staff.