University addresses security breach
Published: Wednesday, October 27, 2010
Updated: Wednesday, October 27, 2010 23:10
A recent security breach on the Storrs campus revealed a list of former students' names and Social Security numbers and made them available on the Internet.
The university was made aware of the situation Oct. 4 after one of the individuals on the list discovered it and alerted university officials, according to university spokesperson Michael Kirk.
"Once the university became aware of this, the information was removed from the Internet," Kirk said.
The list was "inadvertently" made public on the Web by a faculty member who had saved a class list of one-time students that was able to be viewed online, according to Kirk.
The 23 students whose names and Social Security numbers were on the list were enrolled in the class in 2000. The university sent letters to each individual offering two years of credit protection through Debix, an identity protection company, at the university's expense.
The breach was addressed at the Oct. 11 meeting of the University Senate, where Provost Peter Nicholls, speaking on behalf of President Philip Austin, notified senators of the incident. Nicholls urged any present faculty and staff to take steps to remove sensitive information, such as student Social Security numbers, from their computers. Software capable of searching out such information for removal will be provided to faculty, he said.
Austin also addressed the issue of security in an Oct. 18 letter to the university community, in which he outlined a plan for improving computer security. Major components of the plan include restricting sensitive information except to employees who legitimately need access, training university employees on data management, and implementing what he called "technological tools" to protect or remove vulnerable data.