According to a 2006 study conducted by the Federal Trade Commission, 8.3 million American adults discovered they were identity theft victims in 2005. This type of crime can be devastating for victims, sometimes taking years, and on average $31,356, to reclaim their identity and livelihood.
With this in mind, starting in 2004, the university engaged in an aggressive effort to shift away from using Social Security numbers as a unique identifier for its students. Instead, the University ID number (UID) was introduced to be used on everything from our student IDs to university letters and brochures.
The university even took this one step further: Gerry Sneeringer, who was and still is the university’s information technology security officer, said at the time, “The university has been going through a process for the last couple years to eliminate SSN numbers from as many systems as possible, and only leaving it in places required by law.” By limiting exposure to personal and confidential student information, conventional wisdom said this information would remain safe and secure.
Well, conventional wisdom does not always seem to hold true, especially at this university. Fast forward to July 8, 2008. In my mailbox was a brochure from the Department of Transportation Services encouraging me to apply for a (recently increased in price) parking permit. I opened it up and began to read it. On page 2, it read “Register by Monday, July 7, 2008, 4 p.m.” Too bad it was about 5 p.m. on July 8. I wasn’t too concerned since I was not planning to apply for a parking permit in the first place, but I would soon realize that was the least of my worries.
I was about to put it down, when I noticed on the front cover above my address, my Social Security number was printed in plain sight. Did DOTS decide that, since they haven’t found a new way to take more of your money, they want other people to do it?
This is an inexcusable mistake. DOTS never should have had access to this essential piece of information in the first place. If the university only left the Social Security numbers in places required by law, why did DOTS have it? Unless they’re going to start issuing lines of credit for students to pay off their parking ticket debts, I see no reason why any DOTS employee should ever have access to this information.
Vice President for Student Affairs Linda Clement said, “[This incident] was a human error.” This was not just a result of human error; it was a result of multiple layers of incompetence, starting from the top. I find it unbelievable no one, from the label maker to the employee reviewing the brochures, if there was one, caught this embarrassing and costly mistake. The university can’t seem to protect us in any sense of the word.
At least the university is taking action, albeit late. The university lost precious time negotiating a deal with Equifax. By choosing to delay informing the nearly 24,000 affected students rather than informing them immediately, these potential victims lost precious time taking steps to prevent an identity crisis.
The university has decided to offer 12 months of free credit report access to all affected students. But if my time at this university has taught me one thing, it is nothing is free on this campus (except your Social Security number). At $23 a student, DOTS would have to issue 7,360 additional parking tickets, or withhold 4.8 years of DOTS Director David Allen’s $114,846.62 annual salary, to offset this expense. The money needs to come from somewhere, and I wouldn’t be surprised if it comes directly from our mandatory student fees.
In past years, the university has spent untold amounts of money voiding the need for one’s Social Security number as a unique identifier for its students. Maybe some of this money should have been diverted to improving the systems in place to prevent these types of mistakes.
This incident just proved what I have suspected all along: You really do get treated like a number at this university.
Joel Cohen is a junior government and politics major. He is most likely busy checking his credit report, but can be reached at jcohendbk@gmail.com.
