SUBSCRIBE
News

UMBC students' data put on Web in error

THE BALTIMORE SUN

About 2,500 students at University of Maryland's Baltimore County campus were notified this week that their names and Social Security numbers had accidentally been published on the Internet, university officials said yesterday.

The sensitive information has been deleted from public view. But concerns remain about the security breach and whether students will become victims of identity theft as a result.

"It's frightening. It shocked me that it could go unnoticed by the university," said Mark Stewart, a 22-year-old senior from Columbia who serves as Student Events Board president.

Jack Suess, chief information officer for UMBC, said, "It was clearly a mistake on our part."

He said that thousands of other students' Social Security numbers might have been posted on the Internet, but that it didn't appear they had been accessed.

The problem began at the end of August when the university deleted e-mails with students' Social Security numbers, not realizing there was an archive of those e-mails on a Web page. The e-mails had been a normal way of updating new students' information and changes in registration information, Suess said. By deleting the e-mails, the restrictions on those who had access to the Web site archive was also removed, he said.

The Internet search engine Google indexed the Web site containing the students' names and Social Security numbers in late August. A student searching to see whether there was public information about him on the Internet came across the list and informed the university about it Nov. 6, said Suess.

The information was then deleted from the Web site, but remained cached in Google's system - a problem the student noted Nov. 12. Working with Google staff, the information was removed from the Internet on Nov. 15, Suess said.

"Everyone over the last few years has become increasingly concerned about identity theft," said Suess. "Your name and Social Security number is a piece of information you want to try to protect."

Baltimore County Detective Mark Watkins, who specializes in identity theft cases, said identities can easily be stolen with a person's name and Social Security number. "The Social Security number is the key to your personal credit," he said. "With a name and a Social Security number you're in the door, especially at these places that offer instant credit."

Since sending out e-mails last weekend to the 2,500 students whose information was exposed, Suess said he has received about 25 replies from students who wanted more information. He and other authorities recommend everyone check their credit reports annually to ensure there aren't any oddities.

Suess stressed that there were only about 15 visits to the Web site and that to find the information, the user would have had to have searched by name and Social Security number.

Still, students say that doesn't make them feel that much safer.

"The university doesn't seem that concerned," said Brandon Dudley, editor of The Retriever, the campus newspaper. "Even if there weren't that many hits on the site, it only takes one person [to illegally use the information]. ... From talking to students, it seems a lot of them are concerned about this."

University officials said they expect to complete a $6 million overhaul of the way they track student information by 2005.

Copyright © 2021, The Baltimore Sun, a Baltimore Sun Media Group publication | Place an Ad

You've reached your monthly free article limit.

Get Unlimited Digital Access

4 weeks for only 99¢
Subscribe Now

Cancel Anytime

Already have digital access? Log in

Log out

Print subscriber? Activate digital access