'Potential Breach' of Confidential Student Data

October 23, 2007

By Sam Nagourney


Two publicly accessible documents that contained the record of nearly 500 recipients of the federal Perkins Loan along with each recipient's address, date of birth, Social Security number, legal name and loan amount were uncovered on the Bates network by The Bates Student on Oct. 13. All that was necessary to access the files was a Bates username and password.

The information which is intended to be private could easily be used for identification theft. Because this information could be used for this purpose, Maine statute 1346 known as "the Notice of Risk to Personal Data Act," enacted this past spring, requires Bates to notify the affected students that the data has been potentially compromised. Information and Library Services Vice President Gene Weimers was uncertain at press time whether or not the Maine statute requires them to notify the Maine Attorney General.

Managing News Editor Conor Hurley of The Student informed the Student Financial Services Office (SFS) that the documents were publicly available on Oct. 15. The SFS Office claims to not have received Hurley's correspondence and the documents remained on the server. When Hurley contacted the SFS Office Monday, it attributed the mistake to the Information and Library Services Office but declined further comment.

Hurley was then contacted by the ILS at which point the documents were no longer available on the server. Hurley was brought in for an interview with Weimers and is currently a component of the investigation into the compromised documents.

Acknowledging the mistake yesterday afternoon, ILS intended to contact the nearly 500 loan recipients yesterday evening to inform them of the security breach, said Weimers. At a little past 9 p.m. Monday evening, an e-mail was sent out informing all Perkins Loan recipients that their information was potentially breached, and that the ILS was investigating the matter.

According to Weimers and Dean of Students Tedd Goundie, while this sort of breach is a constant risk at every college, they have no memory of anything like this ever happening before at Bates.

According to Maine State Law title 10, chapter 210-b: "An information broker that maintains computerized data that includes personal information shall give notice of a breach of the security of the system following discovery or notification of the security breach" (http://janus.state.me.us/legis/statutes/10/title10ch210-Bsec0.html).

A Federal Perkins Loan is a need-based student loan provided by the U.S. Department of Education with a fixed interest rate of five percent. Loan limits for undergraduates are $4,000 per year with a lifetime maximum loan of $20,000.

main page ATTRITION feedback