As of Tuesday, 650 students had signed up for the free Equifax credit-monitoring service provided by the university after the Department of Transportation Services accidentally released the Social Security numbers of about 24,000 students, according to DOTS Director David Allen.
The cost of the service, which is estimated at $23 a student, will be paid for by uncommitted funds DOTS has set aside for emergencies, Allen said.
The Social Security numbers, which were printed on address labels affixed brochures sent to students registered for the fall to inform them about parking on the campus, were mailed by DOTS on July 1, according to an e-mail sent to the affected students. DOTS began receiving complaints a week later and notified students through e-mail July 17.
A letter was then sent to students’ permanent addresses July 15 from Allen, stating that many students may not have even received the original parking brochure, because “this mailer has been sent using third class, bulk mail delivery and may not have been delivered to you yet.”
“It’s just outrageous, absolutely sloppy information handling,” said Paul Stephens, advocacy and policy director of the group Privacy Rights Clearinghouse. “The only time [the university] would need to use your Social Security number is in dealing with financial aid.”
The students who have still not received the original parking brochure are in the greatest danger, Stephens added, as the mail could have been delivered to someone else who could take advantage of the printed Social Security number. He described a Social Security number together with a name and address as “basically the key to committing identity theft,” and added the most common uses of the information would be to get a credit card or cell phone using the stolen information, at which point any unpaid bills would hurt the victim’s credit rating.
Stephens recommended students place a “fraud alert” on their credit reports, which forces creditors or cell phone companies to take extra steps to verify identities.
Allen said employees had used a “query” of a university database to get the names and addresses of registered students. They then used the Social Security numbers to eliminate duplicate entries, but failed to remove them before printing the data onto mailing labels, he said.
Each student’s Social Security number was printed without spaces or dashes, making it less recognizable, Allen said.
Allen did not identify the employees responsible for the breach but said they have since been “educated.” He also said he did not know why DOTS was given Social Security numbers instead of university ID numbers. University policy calls for the use of Social Security numbers in database searches to be reviewed on a case-by-case basis by the University Data Policy Advisory Committee, for “exceptional circumstances.”
But despite apologies and preventative measures offered by the university, some students remain outraged by the incident.
One student, who asked not to be named, said he had not received the DOTS mailing, meaning his personal information may have been sent to someone else.
“So who’s walking around with my Social Security number? Who knows?” the student said.
But others were more nonchalant, such as junior economics and marketing major Mike Moore.
“I kind of thought it wasn’t that huge a deal, because they weren’t put out as Social Security numbers, separated by dashes,” he said.
holtdbk@gmail.com