Home > News > ITSS error causes security breach
ITSS error causes security breach
BY MIKE McGRATH
STATESMAN STAFF WRITER
iISSUE: 78/23
Senior Wes Johnson received a letter in the mail and noticed his student ID number on the label. He did not think much about it until he received an e-mail from ITSS explaining the security breach. Due to an error by ITSS, 3,218 UMD seniors received a letter in the mail with their student ID number on the label, and UMD considers this a security breach of private student information. The letter contained information regarding the UMD graduation fair, held Thursday, Feb. 21. “I would feel violated by the University if my ID number was misused, but I don’t really know what information is available with just my ID number,” said Johnson.
The Family Education and Privacy Act (FERPA) works to keep classified student information private, and they consider student ID numbers to be private information because they are a unique way of identifying students. However, UMD’s FERPA Director Judy Hinnenkamp wants students to know that the ID number alone is not enough to obtain private information. “Someone would also need your username, password, current address and possibly the last four digits of your Social Security Number,” said Hinnenkamp. “But I don’t want to minimize this, because it is serious.”
ITSS director Linda Deneen explained that they were asked to provide mailing labels for the UMD bookstore to inform seniors of the upcoming graduation fair. However, an ITSS staff member used a template from a previous assignment that required student ID numbers. “She should have taken the student ID numbers out, but she didn’t,” said Deneen. “It was a mistake for which we are very sorry.”
She went on to explain the labels were given to the bookstore stuffed into envelopes, brought to the mail room, then shipped through the U.S. Postal Service and delivered to the students. The incident was reported by concerned students who notified the bookstore. “Not that many people would have seen it, and if they did, they wouldn’t have recognized it,” said Deneen. “I don’t consider this to be a large risk to students, but they have the right to know.”
ITSS notified FERPA about the incident, and FERPA looked for legal council from their attorneys at the Twin Cities campus. They advised ITSS to notify all students involved immediately, according to Hinnenkamp. ITSS sent out an e-mail explaining the situation and advised students to report any suspicious activity on their record. Both FERPA and ITSS have not seen a problem like this in the past and are going to strengthen their security measures to prevent a problem like this in the future. “Whenever we do a set of mailing labels in the future, one person will generate them and another person will review them so we can be more careful,” said Deneen.
