Security Incident – Personal Data Shared Via Electronic Mail
September 13, 2011Information regarding the security incident
September 13, 2011, Truman State University was notified that some personal student information had been inappropriately shared via email. After our initial investigation, we believe this incident involves 10 people, and included unauthorized access to student name, social security number, Banner ID, telephone number, address, birthdate, and possibly transcript data.
Upon being notified, Truman’s Information Technology Services Office immediately took the necessary steps to disable the affected accounts and required each person to show up in person and show proper identification before the account was enabled again. We have no evidence that any personal information has been accessed or used for illegal activities. However, the potential risks associated with identity theft are very serious matters. Truman is taking precautionary steps by informing and advising all affected students about safeguard measures aimed at protecting privacy. Notification was sent to all individuals we believe were affected.
What happened?
The data was collected through the inappropriate use of a Truman computer account, and some of the data was then shared in an email message. The Information Technology Services Help Desk was notified of the offending email, and technical staff were called in to investigate and take steps to remove the exposure. Truman’s Department of Public Safety was also notified by the complainant.
Who is affected?
Approximately 10 students.
When was my personal information exposed?
The personal information was accessed in August and September of 2011.
What specific items of my personal information were involved?
The specific items were your name, social security number, Banner ID, telephone number, address, birthdate, and possibly transcript data.
What is being done now?
All affected accounts were disabled and required each person to show up in person and show proper identification before the account was enabled again. In addition, Truman’s Department of Public Safety is investigating this incident and will report on progress to the affected individuals as necessary. Additional information will be released at https://idinfo.truman.edu.
If my information was among the data exposed or stolen, does this mean that I’m a victim of identity theft?
No. The fact that someone may have had access to your information doesn’t mean you are a victim of identity theft or that they intend to use the information to commit fraud. We wanted to let you know about the incident so that you can take appropriate steps to protect yourself. The best way to protect yourself is to place a free fraud alert on your credit files and review your credit reports.
Has my information been used to steal my identity?
At this time, we have no indication that the information contained on the computer has been used for illegal or malicious purposes. However, the potential risks associated with identity theft are very serious matters, and that is why we have contacted affected individuals.
What is Truman doing to prevent this from occurring again?
Information Technology Services is working on procedures to mask the social security number so that it does not appear on the administrative system pages accessed by general users, it will only be accessible to those with a need to have this data. Additional training is also underway to ensure that Truman computer accounts are properly used and protected.
What should I do?
You should carefully review any bills that you receive in the near future, especially credit card transactions, to ensure that the charges associated with your accounts are accurate. For additional information about identity theft, visit
http://www.consumer.gov/idtheft or call toll free 877-ID-THEFT (877 438 4338); TTY: 866 653 4261. We also encourage you to read through the Frequently Asked Questions on this website.