14 DAY TRIAL // An internal issue with the computer systems of Auburn University in Alabama made it possible for highly sensitive data belonging to some students, to become accessible online since September 2014.
The issue affects current, former and prospective students, and it has been discovered at the beginning of March.
Issue fixed, identity protection provided
Immediately after having learned of the inadvertent blunder, the problem was repaired, and the educational institution contracted the services of independent forensics experts to determine data that had been revealed to the public.
The results of the investigation showed that names, addresses, dates of birth, social security numbers (SSN), email addresses, and academic information were exposed for the period of the leak.
The university alerted the impacted individuals in a letter signed by Dr. Wayne Alderman, Dean of Enrollment Services.
He informs that there is no evidence that the information was misused in any way. Nevertheless, identity protection and fraud resolution services from Experian are provided for a period of two years to all those affected by the incident.
Additional preventative action is recommended
“While Fraud Resolution assistance is immediately available, we encourage you to also activate the fraud detection tools available via ProtectMyID Alert, which provides superior protection and identity theft resolution,” Dean Alderman says in the letter.
ProtectMyID service allows the beneficiary to check the type of information associated with their credit file and monitors the Experian file for any indication of fraud.
He informs that the university has taken steps to enhance the security of the personal information on its systems.
To make sure that fraudulent activity is stopped at an early stage, anyone whose sensitive information, such as the SSN and card info, has been disclosed to unauthorized parties is advised to check the bank account statement periodically.
SSNs can be used to file fraudulent tax returns as well as to apply for credit from a financial institution in the name of the victim.
In the case of email addresses combined with the name of the owner, there is the risk of highly convincing phishing.