Data Breach at Syracuse University Leaves Almost 10,000 Names, SSNs Exposed
- By Matt Jones
- February 11, 2021
Syracuse University has recently informed about 9,800 of its students, alumni, and applicants of a data security breach that might have exposed their names and Social Security numbers. This week, the university mailed a letter to affected individuals telling them of the incident and updating them on the progress of their investigation so far.
The breach occurred sometime between Sept. 24 and Sept. 28, 2020, when an unauthorized individual accessed a Syracuse employee’s email account. The university launched its investigation in early January and discovered that emails and attachments in the account contained private information, like names and associated Social Security numbers. Despite cooperation with a computer forensics firm, the university has been “unable to determine” whether the unauthorized individual accessed or viewed this private information.
In a statement to the SU campus newspaper, The Daily Orange, senior associate vice president Sarah Scalese said, “To date, we are unaware of any misuse of the information maintained in the employee’s email account, nor do we have any evidence that private, personal information was actually viewed.”
The university has since teamed up with consumer credit reporting company Experian to provide potentially affected individuals with a free membership. The Experian service focuses on personal identity protection support and identifying misuse of personal information. Use of the service will not affect students’ credit scores, according to the letter mailed out this week.
SU has also announced that it is establishing additional security resources like cybersecurity training and phishing training for employees who handle personal information.
“We sincerely regret any concern this incident may have caused,” said Scalese.
The university has not yet addressed the specifics of how the breach occurred. Nor have they addressed why they waited nearly a month between starting their investigation and informing those potentially affected. According to an editorial from The Daily Orange, the university has also neglected to send out any campus-wide news release or similar notification that the incident happened.