Personal information of students who booked their spring break trips on one online travel agency may have been exposed on the World Wide Web for months.

A security breach at the online travel agency Travelocity.com leaked personal information of 4,500 clients who entered online promotions between May and November. Names, addresses, phone numbers and e-mail addresses of the contestants were exposed. However, credit card information was not released.

"Upon being made aware of this situation, we immediately removed the data from our site," said Terrell Jones, President and CEO of Travelocity in a letter to customers. "At no time were any member profiles, credit card information or customer data exposed."

Travelocity.com confirmed the breach last Monday. The information had been inadvertently left accessible for months.

Alison Mumper (senior-civil engineering) uses Travelocity's services and said from now on she will read all the security warnings on Web sites before submitting her information.

"The leak in information is very scary and very irresponsible," Mumper said. "The fact that it was the company's own fault is even worse than being hacked."

Clients' data was made accessible through a link on the site following the transfer of a number of servers from one office in San Francisco to another in Tulsa, the company said. During the move, internal data from two promotional contests was left on a computer being used as a Web server. By clicking on an advertisement on the Web site, users could connect to a page where it was possible for someone familiar with HTML to reach a spreadsheet with the contestants' information without a password.

"We regret this incident occurred. We take the privacy of those who participate on our site very seriously," the release said.

An executive of an Internet-commerce company told technology-news service Cnet-Networks Inc. about the breach. Cnet-Networks Inc. then informed Travelocity.com. The agency is launching an internal investigation and is contacting through e-mail everyone who entered the contests whose name may have been accessible.

The leak is the latest of several online company security breaches. Last month the accounts of 3.7 million Egghead.com clients were exposed when a hacker broke into the company's system. Amazon.com, Creditcards.com and IKEA (www.ikea.com) also experienced security breaches last year in which customer information was leaked.