Thursday, May 20, 2004
Private Student Data Possibly StolenA friend of mine received this cryptic email, which seems to indicate a flaw in the new Wolverine Access system might have made available the names, home addresses, and Social Security Numbers of some students - since last February.
From: "Paul Robinson, University Registrar"
Date: May 20, 2004 7:44:26 PM EDT
Subject: Data Security Breach
On Monday, May 17, the University of Michigan Administrative Information Services determined that a small selection of personal student data elements may have been exposed to some individuals within the University community through the Wolverine Access Web site. The data elements that may have been viewed include UMID, Social Security number or National ID, and home address information. It has been determined that this situation may have existed between February 9 and May 17, 2004.
We are notifying you as a precaution because there is a slight possibility that your personal data may have been accessible to someone within the University community who was not authorized to see this information. Because of the obscure nature of the vulnerability, we believe it is highly unlikely there was unauthorized access of student information during this time.
However, as a precaution, we encourage you to observe practices like monitoring billing statements for accuracy, checking credit reports, etc. Identity theft has become a growing concern in our country and these are good practices to follow as a matter of course.
If you believe your Social Security number has been used fraudulently, file a police report, contact the Social Security's Office of the Inspector General Fraud Hotline at 1/800-269-0271, and contact national consumer reporting agencies to file a fraud alert. For more information, visit the Federal Trade Commission website at www.consumer.gov/idtheft
The University has eliminated the system vulnerability and retested other services available through Wolverine Access. We do not believe any other similar vulnerabilities exist that would allow unauthorized access to student data.
The University of Michigan is committed to maintaining a secure computing environment. We sincerely apologize for the incident and regret any inconvenience this may cause you. If you have questions about this incident, please call 734-936-7000 and select option 4."
Posted by Rob at 8:00 PM