Tennessee Tech Mixup Affects 3,100 Students
Technorati Tag: Security Breach
Date Reported:
9/13/07
Organization:
Tennessee Tech University (TTU)*
*Tennessee Tech is a public university located in Cookeville, Tennessee with an enrollment of 9,733
Contractor/Consultant:
None
Victims:
Current and former students owing the university money
Number Affected:
3,100
Types of Data:
Name, address, Social Security number and other billing details
Breach Description:
A "technical problem" led to a situation where information including Social Security numbers of one student were sent to another student.
Reference URL:
http://www.tntech.edu/publicaffairs/rel/2007/sept07/DataGlitch.html
http://www.herald-citizen.com/NF/omf.wnm/herald/news_story.html?rkey=0046193+cr=gdn
Report Credit:
Tennessee Tech University
Response:
From the online resources outlined above including Tennessee Tech University's official press release:
"On Tuesday, Sept. 11, a technical problem in the way student bills are printed resulted in the chance that some student social security numbers and personal identification numbers may have been sent to another student’s address. While the university suspects the number of records made vulnerable is relatively small, campus officials preferred to err on the side of warning all 3,100 individuals who might have been mailed a bill on that date."
"Within a day after the problem was identified, the university e-mailed letters to those affected, notifying them of the problem and outlining steps to help prevent possible fraud."
[Comfyllama] Can you imagine if they emailed the wrong student too?
“We deeply regret this problem, and we are committed to doing what we can to help any who may have been affected avoid the possibility of identity theft or fraud,” said Claire Stinson, vice president of Business and Fiscal Affairs.
“Toward that end, we quickly blocked all access to the student web system until the personal identification numbers for any possible affected student Eagle Online account were reset.”
“A team of individuals representing several offices has discussed the issue and identified several ways to prevent it from happening again,” Stinson said. “We are implementing several security measures that should keep a problem like this from recurring.”
“Unfortunately, in this age of technology and access, even simple mistakes can have important ramifications. While the majority of students were not affected, we will work with those who might have been to help address concerns.”
[Comfyllama] The word "mistakes" in this statement is what has led to us labeling this breach as "Employee Mistake".
The university said it will mail new bills shortly and agreed to waive late charges for anyone affected by the problem.
Commentary:
This breach is unusual. It's almost like 3,100 little 1 victim breaches rather than one 3,100 victim breach. Potentially, each victim may have had their personal information disclosed to one person. Anyway, I don't see the value in including Social Security numbers on student billing. There are better ways.
Past Breaches:
None
Date Reported:
9/13/07Organization:
Tennessee Tech University (TTU)*
*Tennessee Tech is a public university located in Cookeville, Tennessee with an enrollment of 9,733
Contractor/Consultant:
None
Victims:
Current and former students owing the university money
Number Affected:
3,100
Types of Data:
Name, address, Social Security number and other billing details
Breach Description:
A "technical problem" led to a situation where information including Social Security numbers of one student were sent to another student.
Reference URL:
http://www.tntech.edu/publicaffairs/rel/2007/sept07/DataGlitch.html
http://www.herald-citizen.com/NF/omf.wnm/herald/news_story.html?rkey=0046193+cr=gdn
Report Credit:
Tennessee Tech University
Response:
From the online resources outlined above including Tennessee Tech University's official press release:
"On Tuesday, Sept. 11, a technical problem in the way student bills are printed resulted in the chance that some student social security numbers and personal identification numbers may have been sent to another student’s address. While the university suspects the number of records made vulnerable is relatively small, campus officials preferred to err on the side of warning all 3,100 individuals who might have been mailed a bill on that date."
"Within a day after the problem was identified, the university e-mailed letters to those affected, notifying them of the problem and outlining steps to help prevent possible fraud."
[Comfyllama] Can you imagine if they emailed the wrong student too?
“We deeply regret this problem, and we are committed to doing what we can to help any who may have been affected avoid the possibility of identity theft or fraud,” said Claire Stinson, vice president of Business and Fiscal Affairs.
“Toward that end, we quickly blocked all access to the student web system until the personal identification numbers for any possible affected student Eagle Online account were reset.”
“A team of individuals representing several offices has discussed the issue and identified several ways to prevent it from happening again,” Stinson said. “We are implementing several security measures that should keep a problem like this from recurring.”
“Unfortunately, in this age of technology and access, even simple mistakes can have important ramifications. While the majority of students were not affected, we will work with those who might have been to help address concerns.”
[Comfyllama] The word "mistakes" in this statement is what has led to us labeling this breach as "Employee Mistake".
The university said it will mail new bills shortly and agreed to waive late charges for anyone affected by the problem.
Commentary:
This breach is unusual. It's almost like 3,100 little 1 victim breaches rather than one 3,100 victim breach. Potentially, each victim may have had their personal information disclosed to one person. Anyway, I don't see the value in including Social Security numbers on student billing. There are better ways.
Past Breaches:
None
Posts Atom 1.0
Comments