Iowa State University Prof. Posts 26 Students' SSNs OnlineFOR IMMEDIATE RELEASE: February 4, 2008
Media Contact: Aaron Titus
AMES, Iowa. In early December, 2007 Iowa State University posted the names, social security numbers, scores, and grades of 26 former students on its website. The students all appear to have taken the course "ME 325" in the Spring of 2001 from Gloria Starns. The information, along with e-mail addresses was posted on iastate.edu from January 2002- January 2008. Much of the information in the files may be protected by FERPA, and all of it is sensitive. By placing students' names and social security numbers online, Iowa State University has put these 26 students at severe risk of identity theft and other kinds of fraud.
Paragraph 3.1.2. of the Iowa State University Code of Computer Ethics indicates that Iowa State University does not have a regular policy of searching text and non-text based files on public servers to determine whether they may contain sensitive information.
"...individuals are responsible for securing and protecting their information...Individual information should be protected based on the level of risk associated with its loss or misuse. Colleges, departments, central information technology providers and other units may assist individuals by offering services including secure storage of files with systematic copying of data and/or archiving. Nonetheless, individual students, faculty and staff are ultimately responsible for securing their own information and should take action to assure their individual data is protected to the level they deem adequate." (Accessed 4 Feb 2008)Especially in this instance, where a faculty member accidentally posted sensitive information six years ago and likely forgot about the information, the University is in the best position to catch breaches when they occur, before search engines index the files.
Individuals affected by this exposure should immediately visit www.nationalidwatch.org and search for their names, to confirm what types of personal information were exposed. NationalIDWatch.org has a list of recommended steps victims should take.
National ID Watch is a search engine for personal information breaches. Sponsored by the Washington, DC non-profit Liberty Coalition, NationalIDWatch.org provides more than a million free personalized Identity Exposure Reports™ as a public service.
Each Identity Exposure Report (IXR) documents what types of personal information were exposed (such as Social Security Numbers, Birth Dates, Addresses, etc.), without revealing them. Each IXR also details the situation surrounding each exposure, and contact information of those responsible for the breach. Armed with this information, victims can further investigate, take action, or correct harm.