Alex McKeen reports:
On October 29, some students received e-mails from the University of Toronto enrollment services indicating that they were awarded funding through University of Toronto Advanced Planning for Students (UTAPS) only to find that they had also been sent 179 files containing sensitive information that was not theirs.
[…]
The 179 files that were inadvertently distributed contained students’ names, street addresses, award amounts, student numbers, and faculties of study.
Read more on The Varsity, the U. of Toronto’s student newspaper.
I am encouraged when I see student newspapers – and students – taking these breaches seriously. Noteworthy is that at least one student is not satisfied with the university’s response of just asking all the recipients to delete the attachments without sharing them – even though that is a fairly typical response, and I would be troubled if the university hadn’t make that request:
Talisa has not yet deleted the email in question. Talisa received a follow-up email on November 5 from Wall, asking her once again to delete the email. She has not yet responded. “[The] only reason I haven’t deleted it is to keep this evidence,” she said.
“I think they haven’t done enough to address the issue. After all, not only is my personal information out there, but if I had someone I didn’t like on campus who also got UTAPS, they now know exactly where I live,” Talisa said.
Hopefully, the student in question has stored the email and attachments securely while she considers their request and the steps the university has taken to ensure this type of error does not happen again.