[Dataloss] University of MD mails 24000 SSN on front of envelope

Kim Z. Dale k-dale at northwestern.edu
Wed Jul 23 16:07:24 UTC 2008


It seems odd to me how many incidents of SSNs printed as part of a mailing
address occur.  Are all these places using the same software, or are people
just that bad at mail merge?  It seems like an odd thing to happen across
multiple organizations.


-----Original Message-----
From: dataloss-bounces at attrition.org [mailto:dataloss-bounces at attrition.org]
On Behalf Of Henry Brown
Sent: Wednesday, July 23, 2008 9:42 AM
To: dataloss at attrition.org
Subject: [Dataloss] University of MD mails 24000 SSN on front of envelope

 From The University of MD Independent Daily Newspaper

http://tinyurl.com/6j6rhv

Social security numbers of students registered for fall 2008 classes, 
totaling nearly 24,000, were inadvertently printed on mailing labels for 
a parking brochure, the Department of Transportation Services said in an 
e-mail to students today.

"The University apologizes, and deeply regrets this unfortunate mistake. 
We are taking aggressive steps to ensure that this does not happen 
again. We strongly recommend that you take appropriate precautions to 
mask, black out, or destroy this document after use," said the e-mail, 
signed by DOTS Director David Allen.

The mailings were sent July 1, but the mistake was not discovered until 
July 8, when students began calling DOTS to complain, according to a 
website set up by DOTS specifically for this incident. The website can 
be found at http://www.transportation.umd.edu/parkingmailer/.

The university is not aware of anyone's social security number being 
misused, added DOTS in the e-mail.

The university will offer free Equifax reports to affected students, at 
a cost to the university of about $23 a person, said Vice President for 
Student Affairs Linda Clement. With Equifax, the students can monitor 
their credit or place a fraud alert on their account.

Clement explained that when a DOTS employee collected names and 
addresses for the brochure, social security numbers and e-mail addresses 
would have appeared in the search, but were supposed to be removed from 
the labels. DOTS saw the e-mail addresses on the labels but didn't 
identify the social security numbers because they were not separated by 
the typical two dashes, she said.

The incident is under investigation and the person involved has not been 
fired, Clement added. The delay in notifying students was due to the 
legal office negotiating a deal with Equifax.

"We sincerely regret it," Clement said. "This is just an awful 
situation; we're trying to do everything we can to mitigate it."

A letter explaining the situation and offering remedies will be sent to 
students Friday or Saturday, said Ann Wylie, the university president's 
chief of staff.

"We were horribly upset that this happened," she said. "It was a human 
error."

_______________________________________________
Dataloss Mailing List (dataloss at attrition.org)
http://attrition.org/dataloss

Tenable Network Security offers data leakage and compliance monitoring
solutions for large and small networks. Scan your network and monitor your
traffic to find the data needing protection before it leaks out!
http://www.tenablesecurity.com/products/compliance.shtml




More information about the Dataloss mailing list