Student names and Social Security numbers posted online for six months
Nearly 60 members of the Graduate Student Organization (GSO) who received a grant reimbursement or Recognized Graduate Student Organization (RGSO) reimbursement had their names and Social Security numbers posted on the internet for six months.
According to an email obtained by the ASP sent jointly by GSO President Tom Devlin and Vice President Genevieve Kane, the names and social security numbers of GSO members were, “… inadvertently posted on the GSO website when the GSO posted the expense summaries for the organization.”
The email explains that with each reimbursement request the GSO must request the social security number of the payee so that information can be logged for University Auxiliary Services (UAS) vouchers, and that this information was not removed from the budget expense report before its posting to the GSO website. As a result, the names and social security numbers of GSO members were made public without their knowledge.
The email also states that during the six month period in which student information was posted online, from September 2012 to February 2013, there were 818 hits on the page containing the information, which also houses grant applications and the RGSO handbook.
In the email Devlin and Kane also explained that the posting of student information was “accidental and limited” with “no malicious intent on the part of the GSO” and that they too were affected by the breach, having their information posted online as well.
Speaking on condition of anonymity, one of the effected students called the incident “unacceptable, inexcusable and way beyond an accident.” The student, who for obvious reasons wishes to remain anonymous, at least this time, explained that the posting of expenditure reports was done as a transparency measure after the GSO was “hemorrhaging cash” in previous years.
“Just because the information was pulled down does not mean it’s gone. The issue is not so much about today, but three months or a year from now” said the affected student.
The student plans to contact an attorney to pursue legal action against the GSO. “You must be kidding me, this affects my future and my livelihood. Tom and Genevieve are not in the same boat as the rest of us, they were responsible for releasing the information in the first place. So to try to play it off as ‘oh we were affected too so its OK’ is insulting and ridiculous.”
The email outlines an internal audit the GSO plans to perform to evaluate the effectiveness of their system of handling sensitive student information and to explore avenues which will prevent another breach of this nature in the future.
As for immediate steps students can take to help themselves, the GSO email had this to say: “To ensure that your social security number has not been used to obtain credit, you may want to obtain a credit report from one of the three national credit bureaus, Equifax, Transunion or Experian, either online or through the mail. The federal Fair Credit Reporting Act requires the bureaus to provide one free credit report annually to an individual. You may also want to ask each bureau to place a block on your credit, so that no one is able to access your credit without your explicit permission.”
The affected student offered their thoughts on the GSO’s solution; “On a scale of anger from 1-10, I hit a 20 after reading this email in its entirety. You posted my social security number and your solution for me is to report to a credit agency every time I want to open a new credit card and to get a credit report done? That kind of nonchalant approach is amazing.”
The ASP has reached out to GSO President Tom Devlin and Vice President Genevieve Kane for comment and will update accordingly.
By Joe Alicata Editor-in-Chief firstname.lastname@example.org