Long Island University notifies students of mailing error
Technorati Tag: Security Breach
Date Reported:
2/12/08
Organization:
Long Island University
Contractor/Consultant/Branch:
None
Victims:
"all students who were enrolled at Long Island University in the calendar year 2007"
Number Affected:
~28,000
Types of Data:
Student names, addresses and Social Security Numbers
Breach Description:
"During the week of February 4, University officials discovered that some IRS 1098-T “Tuition Statement” forms for 2007, that had been delivered to the Post Office in what may have been defective mailers supplied to the University, were damaged by Post Office processing machinery. Student names, addresses and social security numbers were on these forms and may have been exposed."
Reference URL:
Long Island University online notification
Newsday.com online report
Report Credit:
Long Island University
Response:
From the online sources cited above:
Long Island University is notifying approximately 28,000 students that their personal data may have been exposed to potential identity theft.
The personal data of all students who were enrolled at Long Island University in the calendar year 2007 may have been exposed.
This exposure affects the University’s two main campuses - Brooklyn and C.W. Post; and its regional campuses.
The personal data includes names, addresses and Social Security Numbers.
Earlier this week, University officials discovered that some IRS 1098-T "Tuition Statement" forms for 2007, that had been delivered to the Post Office in what may have been defective mailers supplied to the University, were damaged by Post Office processing machinery. Student names, addresses and social security numbers on those forms may have been exposed.
one side of each envelope was missing adhesive, according to LIU officials, which caused about half of the statements to be damaged by U.S. Postal Service processing machinery
At this time Long Island University has no indication that this data has been accessed or used by anyone. However, the University recognizes the seriousness of this exposure and the need to inform the affected students as quickly as possible.
[Evan] In this day and age, this is a prudent decision to notify students quickly. LIU deserves credit.
"Long Island University deeply regrets that personal information may have been inadvertently exposed to potential identity theft," Long Island University President David Steinberg said.
[Evan] The leader of the school addressing the situation is another good call in my opinion.
We are notifying all the affected students by letter. We also have established a "Notification of 1098-T Data Exposure" link on the University’s website, set up a hotline (); and provided information to students that will help them protect their personal information.
"The likelihood of identity theft is low," said LIU treasurer and vice president for finance Robert N. Altholz. "But for some period of time the names, addresses and Social Security numbers were available to the people in the post office
[Evan] The additional risk posed by this breach is relatively low. It appears that the information was only exposed to Post Office personnel. I don't feel comfortable with confidential information being sent in the mail, but this happens everyday, especially during this time of year (tax time).
A Victim Reaction:
"Of course, I don't feel good about having my personal information out there," said junior education major Joanna DeMauro, who attends C.W. Post. "This is the first I am hearing about this incident."
Commentary:
As I read the school's breach notification and response, I come away with a sense that the school really does care about the personal information of their students. This is another one of those breaches that could have easily been "swept under the rug". The school is clearly not trying to hide anything. They even have a prominently displayed link on their homepage that reads "NOTIFICATION OF 1098-T DATA EXPOSURE"
The school deserves some credit for their prompt and clear response.
How many IRS forms are sent through the mail this time of year with Social Security numbers on them?
Past Breaches:
Unknown
Date Reported:2/12/08
Organization:
Long Island University
Contractor/Consultant/Branch:
None
Victims:
"all students who were enrolled at Long Island University in the calendar year 2007"
Number Affected:
~28,000
Types of Data:
Student names, addresses and Social Security Numbers
Breach Description:
"During the week of February 4, University officials discovered that some IRS 1098-T “Tuition Statement” forms for 2007, that had been delivered to the Post Office in what may have been defective mailers supplied to the University, were damaged by Post Office processing machinery. Student names, addresses and social security numbers were on these forms and may have been exposed."
Reference URL:
Long Island University online notification
Newsday.com online report
Report Credit:
Long Island University
Response:
From the online sources cited above:
Long Island University is notifying approximately 28,000 students that their personal data may have been exposed to potential identity theft.
The personal data of all students who were enrolled at Long Island University in the calendar year 2007 may have been exposed.
This exposure affects the University’s two main campuses - Brooklyn and C.W. Post; and its regional campuses.
The personal data includes names, addresses and Social Security Numbers.
Earlier this week, University officials discovered that some IRS 1098-T "Tuition Statement" forms for 2007, that had been delivered to the Post Office in what may have been defective mailers supplied to the University, were damaged by Post Office processing machinery. Student names, addresses and social security numbers on those forms may have been exposed.
one side of each envelope was missing adhesive, according to LIU officials, which caused about half of the statements to be damaged by U.S. Postal Service processing machinery
At this time Long Island University has no indication that this data has been accessed or used by anyone. However, the University recognizes the seriousness of this exposure and the need to inform the affected students as quickly as possible.
[Evan] In this day and age, this is a prudent decision to notify students quickly. LIU deserves credit.
"Long Island University deeply regrets that personal information may have been inadvertently exposed to potential identity theft," Long Island University President David Steinberg said.
[Evan] The leader of the school addressing the situation is another good call in my opinion.
We are notifying all the affected students by letter. We also have established a "Notification of 1098-T Data Exposure" link on the University’s website, set up a hotline (); and provided information to students that will help them protect their personal information.
"The likelihood of identity theft is low," said LIU treasurer and vice president for finance Robert N. Altholz. "But for some period of time the names, addresses and Social Security numbers were available to the people in the post office
[Evan] The additional risk posed by this breach is relatively low. It appears that the information was only exposed to Post Office personnel. I don't feel comfortable with confidential information being sent in the mail, but this happens everyday, especially during this time of year (tax time).
A Victim Reaction:
"Of course, I don't feel good about having my personal information out there," said junior education major Joanna DeMauro, who attends C.W. Post. "This is the first I am hearing about this incident."
Commentary:
As I read the school's breach notification and response, I come away with a sense that the school really does care about the personal information of their students. This is another one of those breaches that could have easily been "swept under the rug". The school is clearly not trying to hide anything. They even have a prominently displayed link on their homepage that reads "NOTIFICATION OF 1098-T DATA EXPOSURE"
The school deserves some credit for their prompt and clear response.
How many IRS forms are sent through the mail this time of year with Social Security numbers on them?
Past Breaches:
Unknown
Posts Atom 1.0
Comments