This weekend, when over 130 individuals — 11 of them Binghamton University students — were notified that their Social Security numbers had been in a laptop which was stolen on March 13, they were given a year’s free access to a credit-monitoring service (see page 1).
Seemingly, the company responsible for the material on the laptop is more concerned with taking care of its clients’ constituents than the clients themselves (SunGard Higher Education is the company which manages the Banner system).
In an editorial two weeks ago, we implored the University to be more cautious about their use of Social Security numbers and any leaks that may threaten student privacy. Now, in the wake of several security breaches, yet another instance of leaked numbers should be sending shivers down the spine of BU’s administration.
It’s not only the University which requires students to use their Social Security numbers as logins to access everything from our DARS to our schedules. Now, outside companies have access to the information, and even high school seniors who apply here also use the number as identification, and the practice of so much use (or misuse) is worrying.
But SunGard’s offer of a free year of service is at least a sweet gesture — and goes beyond merely referring students to a list of credit agencies, a course of action the University seems keen to take. And although New York State law doesn’t give a limit to how soon organizations should inform “victims” of security breaches, SUNY was told about the incident on April 9, nearly two weeks before students were notified this weekend.
Having your most important identification number leaked onto the Internet is worrying enough, but having to negotiate the web of credit agencies can be worse. What’s important for individuals to know is that the national credit-reporting agencies will send free credit reports to people who call in a fraud alert. Equifax, Experian and TransUnion are the three agencies. Calling one of the agencies will trigger the other two to prepare a credit report, and it can be a valuable first step in assessing what damage has been done.
Most important, students should begin to fervently question the University’s excessive use of personal information as logins.
University at Buffalo reduced the instances in which Social Security Numbers were used as logins and identification numbers. In their policy, Buffalo states: “Our goal is that the use of Social Security numbers as a common identified and primary key to database will be discontinued where required for employment, financial aid and a limited number of other business transactions as of January 1, 2006.”
Considering BU’s long-standing rivalry with other big-name schools who compete with us for money, it may be time for the University to take a cue from a good policy intended to protest students and, frankly, to do the right thing.