State officials say that an embarrassing glitch in a state higher education website apparently did far less damage than they feared.

On Sept. 5, the Minnesota Office of Higher Education disclosed that a computer error had exposed private information, including names and Social Security numbers, of potentially thousands of college students on a state database.

At the time, officials said they had no idea of the extent of the security breach.

Now, an investigation has found only three occasions when the site was accessed without proper authorization in the past year — all apparently by mistake, according to the agency's report.

"[It] appears there was no hacking or intentional misuse of information," said Sandy Connolly, the agency spokeswoman.

The website for the Student Educational Loan Fund (SELF) program contains personal information on approximately 130,000 students dating back 10 years, according to Connolly. Many students use the website to complete online counseling programs that are required to obtain a college loan.

Last week, the agency notified 1,328 students that their information may have been exposed as a result of the glitch. The students recently attended one of three schools — the University of Minnesota Twin Cities campus, Minnesota State University, Mankato, and the Travel Academy in Eagan — where one of the incidents had been detected.

The last incident, on Aug. 31, occurred when a U student logged onto the website and saw information about other students. The student reported it to the university's technical staff, who notified the state.

The agency said that it fixed the glitch immediately and has since removed all Social Security numbers from the site.

Investigators traced the coding error to a website redesign in October 2013.

The website allows financial aid officers at colleges and universities to have access to their own students' information. But the glitch allowed students the same access if they mistakenly logged in through the administrators' portal, Connolly said. "It shouldn't have let them in," she said. "That was the flaw in the system."

Since then, "we have no indication from anybody that there's been any misuse of that information," she said. "We're pretty confident that this is the end of it."

Maura Lerner • 612-673-7384