14 DAY TRIAL // Seton Hall University has inadvertently emailed an Excel spreadsheet with the personal and educational information of 1,500 seniors to 400 other students.
It seems that the document, which contained the names, addresses, emails, student ID numbers, majors, credit hours and grade point averages of students identified as seniors got attached to the email my mistake.
Interim Provost Larry A. Robinson later sent another email entitled "Security Incident," advising the 400 unintended recipients not to open, view, forward, send, discuss or distribute the spreadsheet. According to the Setonian, the university has launched an investigation into the breach and apologized for the error.
It expressed committment to take the necessary precautions in order to ensure the safety of the exposed accounts.
Some students strongly disapproved of the incident, while others were less concerned, claiming that there shouldn't be any real threat as long as Social Security numbers were not exposed.
While under some laws, names alone might not be considered personally identifiable information (PII), they do become so when connected with addresses or emails.
Accidental data leaks such as this one are fairly frequent, but do carry significant privacy and sometimes financial risks.
Last week, we reported how Telstra, the largest telecom provider in Australia, has misdelivered over 200,000 letters containing customer names, telephone numbers and payment plans.
In another case last year, a British ISP called Demon Internet, inadvertently mass emailed the personal details of over 3,600 subscribers, while trying to announce a new billing system.
However, by far the most serious such incident, that we reported, was that of a Rocky Mountain Bank employee, who emailed a document containing the personal and financial information of 1,325 individual and business customers to the wrong Gmail address.
The bank then successfully sued Google to get the Gmail account of an otherwise innocent person suspended.