Students notified of personal data security breach from 2002
Notification was sent last week to some former students of the University of Illinois at Chicago College of Business Administration whose personal information, including Social Security number, was recently found to have been publicly accessible on an unsecured website from 2002.
Two documents were accessible: a class roster from a Special Topics in Accounting course, ACTG 594, from spring semester of 2002; and the advising list from spring 2002 for all junior and senior accounting majors.
University staff took immediate action to remove the files from the website and sever connections to the documents, the letter said. Subsequent search of the most commonly used search engines revealed no remaining trace of the data. To date, the campus has not received report of any improper use.
University procedures were changed in 2004 and no longer use SSN as an identifier.
The university sent the letter to every mailing address it had on file for each individual. Because the university cannot verify that it was successful in reaching all affected parties, this news release is being issued in accordance with Section 10 of the 2006 Illinois Personal Information Protection Act.
Concerned individuals may contact the Federal Trade Commission, Midwest Region, 55 W. Monroe St., Suite 1825, Chicago, IL 60603, 1-877-IDTHEFT (1-877-438-4338) TDD 1-866-653-4261. Concerned individuals should take precautions against identity theft as suggested by the FTC on its website and may wish to exercise their right to a free annual credit report from each of the three major credit reporting companies, available online at https://www.annualcreditreport.com or by calling (877) 322-8228. In addition, concerned individuals may obtain information about fraud alerts and credit freezes from these sources.
University staff are reachable at (312) 996-2388 Monday through Friday, between 8:30 a.m. and 3 p.m. Central Time.