Data Breach at Syracuse University Leaves Almost 10,000 Names, SSNs Exposed

Data Breach at Syracuse University Leaves Almost 10,000 Names, SSNs Exposed

  • By Matt Jones
  • February 11, 2021

Syracuse University has recently informed about 9,800 of its students, alumni, and applicants of a data security breach that might have exposed their names and Social Security numbers. This week, the university mailed a letter to affected individuals telling them of the incident and updating them on the progress of their investigation so far.

The breach occurred sometime between Sept. 24 and Sept. 28, 2020, when an unauthorized individual accessed a Syracuse employee’s email account. The university launched its investigation in early January and discovered that emails and attachments in the account contained private information, like names and associated Social Security numbers. Despite cooperation with a computer forensics firm, the university has been “unable to determine” whether the unauthorized individual accessed or viewed this private information.

In a statement to the SU campus newspaper, The Daily Orange, senior associate vice president Sarah Scalese said, “To date, we are unaware of any misuse of the information maintained in the employee’s email account, nor do we have any evidence that private, personal information was actually viewed.”

The university has since teamed up with consumer credit reporting company Experian to provide potentially affected individuals with a free membership. The Experian service focuses on personal identity protection support and identifying misuse of personal information. Use of the service will not affect students’ credit scores, according to the letter mailed out this week.

SU has also announced that it is establishing additional security resources like cybersecurity training and phishing training for employees who handle personal information.

“We sincerely regret any concern this incident may have caused,” said Scalese.

The university has not yet addressed the specifics of how the breach occurred. Nor have they addressed why they waited nearly a month between starting their investigation and informing those potentially affected. According to an editorial from The Daily Orange, the university has also neglected to send out any campus-wide news release or similar notification that the incident happened.

Sources:
http://dailyorange.com/2021/02/names-social-security-numbers-of-syracuse-university-students-exposed-in-data-breach/
http://dailyorange.com/2021/02/data-breach-syracuse-universitys-silence-glaring/

About the Author

Matt Jones is senior editor of Spaces4Learning and Campus Security and Life Safety. He can be reached at MJones@1105media.com

Featured

  • Expanding Mobile Access Credentials

    The new academic year is now kicking into high gear at colleges and universities, and on many campuses, students were welcomed this fall with the added convenience and security of mobile access credentials. It is a trend that has become more of an expectation than a surprise in the world of higher education as the demand for advancements in electronic access control (EAC) like mobile credentials continues to grow. Read Now

  • New York School District Selects AtlasIED’s IPX Technology for Modernization Initiative

    The North Syracuse Central School District (NSCSD), a K-12 public school district in Central New York state, serves the communities of North Syracuse, Clay, Cicero, Bridgeport, and Mattydale. With 11 elementary, middle, and high schools, the district covers almost 90 square miles and has 7,792 students and approximately 700 teachers. With some of its school buildings over 60 years old, the district needed to renovate many of them, some more urgently than others. As part of the process, district administrators and staff reevaluated all infrastructure elements and their approach to campus safety, selecting AtlasIED IPX technology to modernize their intercom, audio announcements, and emergency communications systems. Read Now

Most   Popular

Webinars