One wrong move has left more than 300 School of Management students vulnerable to identity theft. An e-mail containing the names, Social Security numbers and grade point averages of 338 accounting students were mistakenly sent to an accounting Listserv instead of another SOM faculty member Friday afternoon.
Brian Perry, an SOM undergraduate adviser, had meant to send the e-mail to other faculty members for the purpose of selecting students to receive various academic awards. Instead, the e-mail showed up in the inbox of 288 accounting students.
“We are taking the matter very seriously,” said Upinder Dhillon, SOM dean. “The University is conducting a full investigation of this incident, including how this information was compromised and how information security in the School of Management can be improved.”
Friday evening James VanVoorst, vice president for administration, sent an e-mail to students whose information had been included on the list, notifying them of the situation.
“The University is exploring ways to limit the dissemination of the information,” VanVoorst stated in the e-mail. “Although we have no indication that any of this information will be misused, we recommend that you take appropriate action, including placing a fraud alert through one of the three credit agencies listed.”
The e-mail listed agencies that would send students their credit reports and notify them if any new accounts were opened under their name, free of charge.
According to VanVoorst, the University is investigating new ways to prevent a similar situation from happening.
“It’s important to note that this wasn’t someone invading our campus database,” he said. “We have firewalls to prevent this. We continually stay vigilant on that scope.”
Senior accounting major Josh Tanzer was alarmed when he was notified that his information was included on the list. He was able to talk to Dean Upinder and Assistant Dean Vincent Pasquale about the situation.
“They said they’re taking it very seriously,” he said.
Tanzer immediately took action by calling one of the companies and placing a fraud alert on his credit report. He said that while he appreciates the remedies the school has taken, he’s still bothered by the turn of events.
“It’s still something that I’ll worry about,” he said. “I’ll have to check my credit report continually for the rest of my life because of this.”
Tanzer was also upset because this was not the first time he has found himself in this situation. In 2005, he was one of 414 students whose information was compromised when a file containing their Social Security numbers was left in an unsecured location on a University server.
While there was no evidence that the information was ever inappropriately used, the students were still advised to carefully monitor their credit.
Upinder is encouraging the 338 students who had their information exposed to contact his office with any questions, either by calling (607) 777-2314 or via e-mail to dhillon@binghamton.edu.