Ivy Tech Community College employee sends errant email
Technorati Tag: Security Breach
Date Reported:
9/11/08
Organization:
Ivy Tech Community College
Contractor/Consultant/Branch:
None
Location:
Indiana, United States
Victims:
"distance education students enrolled during the Spring 2008 semester"
Number Affected:
"about 23,000"
Types of Data:
"name, address, and social security number"
Breach Description:
"On July 28, an employee of the college used an internal file sharing system to send a file that consisted of students enrolled in the spring 2008 semester for distance education courses. The employee intended to share the file with a single employee of the college. Instead, due to a clerical error, the invitation to view the file was sent to a list of all Indianapolis region employees."
Reference URL:
Ivy Tech Information Security Notice
Ivy Tech Information Security Notice - Frequently Asked Questions
The Indy Channel
Report Credit:
Ivy Tech Community College
Response:
From the online sources cited above:
INDIANAPOLIS -- The personal information of about 23,000 Ivy Tech students was accidentally sent out in an e-mail to 1,400 people, according to a letter from the school.
[Evan] In general, email is not an adequately secure method to send sensitive confidential information. Even if we discount the mistake, it is important to point out that email (in general) is not encrypted and is subject to interception on the wire.
In the letter Ivy Tech Indianapolis Vice President of Administration William Morris writes that the e-mail was sent during the last week of July.
He said an employee intended to e-mail the list -- which included the names, addresses and Social Security numbers of students who were enrolled in distance-education courses -- to a colleague.
Instead, the file drop was sent to an e-mail group that included about 1,400 current and former Ivy Tech Indianapolis employees, including some current and former student employees.
[Evan] Wow. This is a large distribution list ("group").
The letter stated that electronic records showed only 102 people attempted to open the file and that the file was deleted from the school's system when the mistake was discovered.
The school had not received any complaints of misuse
the letter -- which was dated Aug. 28 but received by students this week -- was sent out as soon as school officials fully investigated what had happened.
Anyone with concerns about the breach should call 1-.
If you have additional questions email
about 80 students had called the number so far
We deeply regret this situation and any inconvenience or alarm it may cause.
Ivy Tech Community College considers the security of student information a very serious matter and works diligently to maintain very high standards in this area.
Commentary:
The mistake that the employee made is such an easy mistake to make. I know that I have sent emails to people who I did not intend to. I have clicked "Reply to All" instead of "Reply", I have sent emails to "Amanda Williams" instead of the intended "Angela Williams", etc. etc. The fact that many email client programs automatically guess who you intend to send an email to doesn't help in this department either.
Two things. Pay close attention to whom you send emails and don't use email to send sensitive confidential information.
Past Breaches:
Unknown
Date Reported:9/11/08
Organization:
Ivy Tech Community College
Contractor/Consultant/Branch:
None
Location:
Indiana, United States
Victims:
"distance education students enrolled during the Spring 2008 semester"
Number Affected:
"about 23,000"
Types of Data:
"name, address, and social security number"
Breach Description:
"On July 28, an employee of the college used an internal file sharing system to send a file that consisted of students enrolled in the spring 2008 semester for distance education courses. The employee intended to share the file with a single employee of the college. Instead, due to a clerical error, the invitation to view the file was sent to a list of all Indianapolis region employees."
Reference URL:
Ivy Tech Information Security Notice
Ivy Tech Information Security Notice - Frequently Asked Questions
The Indy Channel
Report Credit:
Ivy Tech Community College
Response:
From the online sources cited above:
INDIANAPOLIS -- The personal information of about 23,000 Ivy Tech students was accidentally sent out in an e-mail to 1,400 people, according to a letter from the school.
[Evan] In general, email is not an adequately secure method to send sensitive confidential information. Even if we discount the mistake, it is important to point out that email (in general) is not encrypted and is subject to interception on the wire.
In the letter Ivy Tech Indianapolis Vice President of Administration William Morris writes that the e-mail was sent during the last week of July.
He said an employee intended to e-mail the list -- which included the names, addresses and Social Security numbers of students who were enrolled in distance-education courses -- to a colleague.
Instead, the file drop was sent to an e-mail group that included about 1,400 current and former Ivy Tech Indianapolis employees, including some current and former student employees.
[Evan] Wow. This is a large distribution list ("group").
The letter stated that electronic records showed only 102 people attempted to open the file and that the file was deleted from the school's system when the mistake was discovered.
The school had not received any complaints of misuse
the letter -- which was dated Aug. 28 but received by students this week -- was sent out as soon as school officials fully investigated what had happened.
Anyone with concerns about the breach should call 1-.
If you have additional questions email
about 80 students had called the number so far
We deeply regret this situation and any inconvenience or alarm it may cause.
Ivy Tech Community College considers the security of student information a very serious matter and works diligently to maintain very high standards in this area.
Commentary:
The mistake that the employee made is such an easy mistake to make. I know that I have sent emails to people who I did not intend to. I have clicked "Reply to All" instead of "Reply", I have sent emails to "Amanda Williams" instead of the intended "Angela Williams", etc. etc. The fact that many email client programs automatically guess who you intend to send an email to doesn't help in this department either.
Two things. Pay close attention to whom you send emails and don't use email to send sensitive confidential information.
Past Breaches:
Unknown
Posted by Evan Francen at 9/16/2008 12:20 PM 
Categories: Ivy Tech Community College, Employee Mistake
Categories: Ivy Tech Community College, Employee Mistake
Posts Atom 1.0
Comments