Sarah Krimm reports:
At 8:55 a.m. on Thursday, Aug. 26 an e-mail containing the Social Security number, driver’s license number, and first and last name of 2,484 full and part-time ASU [Arkansas State University] employees was sent to 144 ASU e-mail addresses.
This information breach has raised concern among affected faculty, as identity theft becomes a risk when Social Security numbers are disclosed.
[…]
ITS explained in an e-mail sent to each user affected by the breach that Social Security numbers were collected during the registration process to register drivers with the Arkansas Department of Finance and Administration. The reason for this is prior to 2000, the State of Arkansas used Social Security numbers as driver’s license numbers.
“The file contained personal information of employees who had filed for (a) authorization to drive a [Arkansas] State University vehicle, or (b) permission to be reimbursed for driving their personal vehicle on [Arkansas] State [University] business,” Hoeting said. “What happens is our Travel Office is required to register those employees with the state, and it checks their driving record and other things, to make sure they’re legally able to drive those vehicles, and that’s essentially what the file was.”
Hoeting said it was his understanding that the 144 recipients of those files were a part of a distribution group that receives a newsletter from the Travel Office.
Read more in The Herald.