Get the latest news from Syracuse delivered straight to your inbox.
Subscribe to our newsletter.
On February 23, a senior from the College of Visual and Performing Arts received a photo of a letter from her mother. Your private information, the letter from Syracuse University said, may have been leaked.
Around 9,800 SU students as well as alumni and applicants were affected by the data leak after someone had gained unauthorized access to an employee’s email account. Data such as social security numbers and names were exposed in the leak.
The Daily Orange granted the VPA student anonymity for this story as identifying information such as her name could be used maliciously due to the data leak.
Aside from the first letter, the VPA student said she had received no notice of the data breach from the university.
“The only contact from the university was that little letter,” she said. “I didn’t get any feedback, which was unfortunately not surprising as I have the feeling that the university doesn’t handle situations well.”
The DO also spoke to another student, a senior at the Newhouse School of Public Communications, who was affected by the injury and who wanted to remain anonymous. Her name, social security number and home address were leaked, she said.
The university offered a year of Experian IdentityWorks free of charge to all concerned. The product “helps to uncover possible misuse of your data and offers you support with identity protection, which focuses on the immediate identification and resolution of identity theft,” says the letter to those affected.
Both students said it was not enough.
While the school granted a year of protection software, the potential impact of the data leak could last for a lifetime, the newhouse senior said.
“I don’t ask much, but could I at least get protection after the year?” She asked.
They make it seem like a little problem when it’s a really big problem
VPA Senior on how the SU is dealing with the data breach
After speaking with the university, the student was told that the SU would look into a possible extension of the service after a year, she said. She plans to contact the school about the possibility.
Eric Ferguson, communications manager for the SU information technology services, did not comment on whether the university would renew subscriptions to Experian IdentityWorks.
The university has not found any misuse of disclosed information since an investigation was completed, Ferguson said in an email statement to The DO.
“We offered information security training for employees, migrated employee e-mails to Microsoft Office 365 (which offers additional security through multi-factor authentication), formed a campus-wide task force for personally identifiable information and expanded MySlice to include multi-factor authentication” so Ferguson said in the email.
MORE COVERAGE:
ITS announced in a campus-wide email on Thursday that MySlice will be undergoing maintenance for an update this coming weekend, including the addition of two-factor authorization. The email was sent two days after the DO first contacted the department about possible security precautions for the SU data.
Ferguson did not comment on the employee training, the newly created task force and the full investigation into the data leak.
The VPA student said she has not had any major incidents involving her data since the injury. But she’s worried.
“It’s a great fear of mine, and it’s a fear I shouldn’t be worried about because I entrusted this information to the university,” she said.
Concerned about what might happen after the shelter year is over and she graduates, the senior is demanding some kind of compensation from Newhouse.
“This could potentially be something I will have to pay for for the rest of my life, either through protection or something, so they should give us some kind of compensation or a tuition reduction,” she said.
The VPA student said it felt “cheap” to only get a year of surveillance service as the leak was the university’s fault.
“They make it seem like a little problem when it’s a really big problem,” she said. “We entrusted this information to the university.”
Posted on September 28, 2021 at 11:38 pm
Contact Kyle: [email protected] | @Kyle_Chouinard
