The information included names, addresses, phone numbers and Social Security numbers of 675 people.
"It's a very unusual occurrence," said Debra Brum, vice president for instructional and information technology and chief technology officer at Cal Poly. "We so deeply regret that this happened."
A former Cal Poly student came across the Excel file with his personal information when he researched himself on Google. He told university officials on Nov. 17, and they immediately looked into the incident, Brum said.
The file was originally stored on an old server scheduled for replacement in 2009, according to a Cal Poly news release.
The university's Information Security Office said the data breach was unintentional and the file had been mistakenly placed in a publicly accessible folder, according to the news release.
"At some point, it was permitted to the public, but we don't know when or how," Brum said.
The first thing officials did when they heard about the incident was validate the student's claim. Then they made sure the information was inaccessible in their system and on Google, Brum said.
Finally, officials had to get current contact information for each applicant to tell them what happened.
By late last week, officials had notified about 90 percent of the applicants and were working to contact the rest.
The university is also in the process of bringing all of its computers and servers up to a higher level of security, according to the news release.
A few years ago, the university stopped using Social Security numbers to identify students.
Now they use a Bronco number as the primary identification tool, Brum said.
Social Security numbers are only used in areas like financial aid and employment.
"A very small number of university people have access to Social Security numbers, and they are carefully trained," Brum said.