A second New York University website security lapse has affected approximately 2,100 people and has brought about change in the way the university issues identification numbers.
A student discovered that personal information of 2,100 students, faculty members, alumni, staff members and persons unaffiliated with NYU was accessible to the public on the Bronfman Center for Jewish Student Life’s website. The university shut down the site shortly after the discovery Jan. 30. Social Security numbers of 400 of the 2,100 people were also posted online. NYU notified those affected via a letter in the mail.
John Beckman, vice president for university relations at NYU, said the Bronfman Center collected names via the website to use in a mailing list.
“We regret this incident, and apologize to those who were on this mailing list,” Beckman said. “In communicating with them, we told them steps they can take to protect themselves, and directed them to a Federal Trade Commission website about identity theft, and we gave them contact e-mails and telephone numbers for our Information Technology Services office to answer questions they might have.”
Although the University of Wisconsin has not had an incident like the one at NYU, Brian Rust, senior administrative program specialist at UW’s Division of Information Technology, said it is important to take into consideration NYU has hundreds of web sites.
“Things like that could happen in a number of different ways,” Rust said. “You could have a system leak, an inadvertent human error, or someone could hack into the website and use the information,” Rust said.
The first NYU website security lapse occurred in January, while students were on winter break. An intramural sports website was shut down as a result of athletes’ personal information, including Social Security numbers, being available to the public.
“[The web security lapses] were not created by the same person. They share some characteristics — these were both web-based applications set up by individual offices at the university, they did not involve central university computer systems, and in both cases, the security setting for the applications were not properly set,” Beckman said.
NYU currently uses students’ Social Security numbers as their university ID numbers, which has caused many students to be critical of the current student ID system. By fall, NYU plans to have a new student ID system in place, using a numerical letter followed by eight random digits, Beckman said.
In a letter to the editor in NYU’s student newspaper, “The Washington Square News,” a student stated, “Our IDs float around far too insecurely, giving people the ability to access grades, alter class assignments or open accounts in our names. But Social Security numbers alone are not the issue. Living in New York City, it is unsafe to have students’ information accessible to outsiders. The university has continually assured us that it is doing everything it can to keep us safe. Better protection of our personal information is vital to that task.”
Beckman said he understands the concern over the possibility of identity theft.
“I wouldn’t say overall this makes them any less responsible than any other university,” Rust said.