The following statement was issued by Humboldt State University yesterday:
Humboldt State University is alerting approximately 5,700 students to take precautions against identity theft in the wake of a single incident involving one student’s personal information.
The affected files have been secured and HSU has verified it was a single incident. It is unlikely the privacy and the personal information of other students have been breached, but a notification letter to them recommends obtaining a credit report as a precaution against unusual activity.
The letter to all potentially affected students details the incident, suggests precautions and informs students that the many information security procedures and practices the University has in place are being reviewed. Security measures are reassessed regularly for their effectiveness and enforcement.
The letter of notification explains that personal information was included inadvertently as an attachment to an email which was transmitted in response to a legitimate data request. The affected party alerted the university immediately and HSU verified that all copies of the file were removed from the system.
California residents are entitled to a free credit report annually. A report or fraud alert from one or more credit agencies is available at www.annualcreditreport.com. Periodic reviews are effective against identity theft.
The website of the Office of Privacy Protection of the California Department of Consumer Affairs posts helpful information concerning personal privacy. The address isprivacy.ca.gov.
Anyone who may have been affected or who has follow-up questions is encouraged to dial the Humboldt State Information Security Office at 707/826-3815. Full information is posted at humboldt.edu/security.
The letter of notification is posted at humboldt.edu/letter312.html.
That first sentence may be a bit confusing. It was a single incident, but it didn’t involve just one student’s personal information. As explained in their notification letter, an e-mail attachment error exposed 5,700 students’ names, addresses, and Social Security numbers to another student.
h/t, Redwood Times