By Anthony Clegg
While Cal Poly continues to increase student identity security,
a recently-discovered security breach resulted in the private
information of 355 applicants to be visible online.
This private information included applicant names, addresses,
phone numbers and Social Security numbers. At no time, however, was
any financial or academic information leaked.
According to a Cal Poly press release, student applicants from
February 2003 had their personal information accidentally placed
into public folders online. When Cal Poly officials realized this
mistake in November 2008, they deleted the information from the
Some information, however, had been inadvertently retained in
key word indexes by Google, as was discovered by a former applicant
while doing a Google search of himself.
Meaning any persons personal information could have been found
Once one of the 355 applicants who were affected discovered this
problem, the former student notified a Cal Poly official, who
sought to correct this error with Google’s cooperation.
Those affected by the security breach are in the process of
receiving letters of notification stating their identities have
been put at risk. Although there is no evidence to suggest that
information was used for unscrupulous purposes, these students and
applicants are being encouraged to search their academic and
financial records to ensure they have not been subjected to
identity theft of any kind.
A similar situation where Cal Poly was subjected to a security
breach occurred in 2005.
This event, however, dealt with a computer hacker who found a
path to bypass security measures. This hacker’s actions put more
than 30,000 applicants, students and teachers at risk of having
private information become public.
Stephanie Doda, chief information officer for Instructional
& Information Technology at Cal Poly, said at Cal Poly student
information is safely protected.
“The university acted promptly to remove the data when we were
notified that this information was available online,” said Doda.
“We take the protection of personal information very seriously and
have taken remedial measures to try to ensure that this situation
is never repeated.”
To prevent this from occurring again, Cal Poly is in the process
of increasing the security of personal student information.
Tim Lynch, senior media communications coordinator, said
I&IT is unlikely to explain exactly how they are planning to
prevent another security breach from occurring at Cal Poly.
“I doubt [I&IT] would disclose details lest they give
hackers an edge,” he said “What I can tell you is the university is
in the process of implementing a multi-year program to bring all of
its computers and servers to an optimal level of security.”
In addition to these precautions, everyone employed in the area
of accessing confidential data is in the process of improving their
techniques and their levels of training.
Cal Poly is exclusively using the Bronco number in place of
Social Security numbers for all on-campus identification, which
greatly improves the security for each student. The only use of
Social Security numbers would be for the limited number of issues
that require them, such as financial aid and scholastic records
from other colleges.
According to Lynch, just because security has been improved,
does not mean another security breach is impossible.
“The university cannot guarantee that information will never be
breached again,” said Lynch. “With that said, no other university,
or the CIA or White House, for that matter, could offer such a
blanket guarantee. The university has to defend itself against
criminals and hackers who want to gain access, and it takes that
mission very seriously.”
Reach Anthony Clegg at: firstname.lastname@example.org
Illustration by Roland Tran/Poly Post
Security breach threatens student privacy
Show Comments (0)