Bewildered intramural athletes at New York University recently discovered that their social security and phone numbers were leaked to the Internet. The information was picked up by Brian Ristuccia, a computer technician in Massachusetts who found the list of information on NYU’s website while surfing the web.
NYU notified the 1,800 intramural athletes via e-mail, saying vital information was posted on Ristuccia’s website, and because of this action the university is considering taking legal action.
According to The New York Times, Ristuccia said he sent the NYU administration an anonymous e-mail message in December to notify it of the accessible information, but no action was taken because NYU had no record of Ristuccia’s e-mail.
Jonathan Vafai, the chair of the Student Senators Council and the University Committee on Student Life, said NYU’s student body was shocked.
“Students were horrified to learn about this and the actions of the man who made the copy of the file,” he said.
Vafai also said the information leaked from an isolated registration for intramural activity, not an official, university-wide database.
Vafai said the council called for the university to move from social security numbers to student ID numbers, and for NYU’s Information Technology Services division to check out other areas where student information could be potentially collected online. Vafai also cautioned students to monitor their own web safety.
“I am advocating that students be more vigilant about who they give their personal information to,” he said. “[This issue] has raised awareness of the issue of identity theft, so students are already being more careful.”
Brian Rust, marketing communications representative at the University of Wisconsin-Madison’s Division of Information Technology, said UW started converting from social security numbers to student ID numbers a few years ago. He said during his 15 years on the UW campus, he had been prompted to get a new ID in place of his social security number about two years ago, after receiving a letter.
Rust said chances are slight of a similar happening at UW.
“Someone at NYU made a mistake,” he said. “The key is how quickly it’s identified and fixed.”
Rust offered advice to web users to help prevent something of this magnitude from happening to them.
“Don’t give anyone your personal information, like your social security number or credit cards, unless you are certain the web link you are using is secure,” he said. “And the company should have a good reputation when it comes to security.”