University officials said files, including students' names, addresses and Social Security numbers, were accessed three times by automated data-mining applications since March, CNN reported Wednesday.
No servers or systems were compromised, and the information -- stored in an unsecure location -- "was not downloaded by an unauthorized individual looking for specific sensitive data," the university said in a statement.
"This is not a case of a targeted attempt to obtain data for illegal purposes, and we believe the chance of sensitive data falling into the wrong hands as a result of this situation is remote," said James Kennedy, the school's associate vice president for university student services and systems. "At the same time, we have moved quickly to secure the data and are conducting a thorough investigation into our information handling process to ensure that this doesn't happen again."
The data includes students who were in the university's system from 2011 to 2014, CNN said.
University officials said the state attorney general's office was notified Tuesday.