Personal information exposed
March 27, 2006
For over a month at the beginning of this semester, a document containing Social Security numbers and other personal information of a few hundred students and alumni in the computer science department was accessible to anyone on the Web.
“The document was scanned by Google, and accessible to the public for over a month,” said Marc Snir, head of the Department of Computer Science.
It was a document containing personal information used to study retention rates within the computer science department on one of the department’s computers, Snir said.
It was accidentally put in the wrong place -a place accessible from the outside, Snir said.
Those affected maintain that the department should not have had that information on the Internet.
Get The Daily Illini in your inbox!
“They should’ve just kept it on the intranet, said Chris Watford, former University computer science student and a former Illini Media Company employee. “They shouldn’t have that kind of information on the Internet; that’s like leaving a page full of Social Security numbers on your desk. Besides, the University uses I.D. numbers – so why didn’t they use that number instead of the Social Security numbers?”
Paul Chang, senior in Engineering, agrees with Watford.
“I don’t understand why they didn’t just use the UIN’s instead of our Social Security numbers,” he said. “It was very irresponsible of them.”
Snir said a letter was sent out to all affected students and alumni informing them of the situation.
“I didn’t even get the letter explaining what had happened,” Chang said. “It was sent straight to my parents.”
In response to the incident, the department also set up a phone line to accept calls from students or anyone else who wanted more information.
“We received approximately 20 calls,” Snir said. “Though there have been no cases of identity theft reported, we have instructed students to periodically check their credit reports to make sure there have been no suspicious transactions taking place.”
Chang said he is still concerned about the possibility of identity theft.
“I’m probably going to get a credit report soon, just to screen for identity theft,” Chang said.
Watford expressed his anger at the situation.
“I have to go out of my way to obtain a free credit report, on my own time,” he said. “I’m self-employed, so those are billable hours.”
Snir said the department is not taking the situation lightly and is working to ensure it does not happen again.
“Because we did not safeguard personal information as we should have, we are changing our procedures,” he said.
The department has already changed where information is stored, and faculty and staff will be trained in securing personal information this week. They are also hiring security officers who will be responsible for the security of the computer infrastructure to ensure privacy is maintained, Snir said.
“We have checked all directories to ensure we don’t have any files with social security information in the department,” Snir said.
However, for those directly affected, there is no easy solution.
“I was pretty pissed about what happened,” Watford said. “I left (the University) two years ago, so it’s entirely unacceptable that this information is still around.”
The department has admitted to making a mistake and is apologetic to those affected.
“I would like to apologize to all the students involved,” Snir said. “It’s not something we’re proud of. We are doing our best to make sure it doesn’t happen again.”