Tower Club leaks alumni members' social security numbers

May 9, 2008

By Rachel Dunn and Josephine Wolff

Tower Club is taking steps to protect 103 of its alumni in the classes of 2006 and 2007 after a spreadsheet listing their names and social security numbers was e-mailed to current club members early Wednesday morning.

The document was attached to an apparently unrelated e-mail that informed current members about a club event. The spreadsheet was attached unintentionally because of "a technical glitch," Tower graduate board chair Greg Berzolla '87 said in an interview.

The e-mail was sent by Tower officers from the account to the roughly 200 current club members.

Tower officers sent another e-mail to the club yesterday asking members to delete the message from their mailboxes "out of respect for '07."

In an e-mail sent yesterday to the club's alumni in the Class of 2007, Berzolla said that Tower will pay for identity theft protection services for the affected individuals next year. Berzolla also said he contacted the New Jersey State Police to ascertain what the club's next steps should be.

Several Tower alumni whose identities had been compromised were surprised to learn of the incident when contacted by The Daily Princetonian yesterday morning.

"I had no idea this happened, and frankly, I'm baffled and a little pissed off," Valerie McConnell '07 said in an e-mail when she first heard her social security number had been distributed, adding that she was contemplating legal action. When she learned that the information was released accidentally, however, she changed her mind.

"Now that I know that the social security numbers weren't sent out on purpose, I'm not pissed off," McConnell said. "I think my identity is ok. I can't imagine anyone in the club trying to steal my identity (not that there's a lot to steal right now anyway)."

Maria Beylin '07 agreed that she was not overly worried about identity theft.

"[The incident] is a mistake; it shouldn't have happened," Beylin said in an e-mail. "However, with the number of times I've handed out my SSN this year while seeking financial services or apartment hunting, it's really not my biggest source of concern for identity theft."

Berzolla said he believes the risk of identity fraud is "extremely limited" for the Tower alums whose social security numbers were listed on the spreadsheet.

"It's hard for any kind of fraud to occur that quickly," he said of the incident. "I feel confident that our club members are not going to use this information badly."

While the club is taking steps to ensure the security of the affected alumni, Berzolla said, he doesn't foresee any legal action being taken against the club. "[The breach] would have had to have been intentional [for there to be legal repercussions]," Berzolla said.

Still, the club will offer the affected individuals the option of signing up for an identity protection service for free, Berzolla added.

"It's an expense the club is going to incur," he said of the service which, he added, will not "seriously affect" the club's finances.

Berzolla hopes this measure will assuage any possible threat of legal action from former members against the club. "I don't expect there to be any problems, but just in case," he said.

Tower's explanation

Berzolla was unsure of the exact circumstances surrounding the "flaw in the e-mail program," which the club's officers cited as responsible for attaching the spreadsheet.

"The [spreadsheet] file wasn't even available on the hard drive [of the computer that sent the e-mail]," Berzolla said. "[The e-mail system] took an old e-mail and used it as a template [for Wednesday's e-mail] as near as we can guess. It's not a system very many people use or understand, that's the problem."

He was unable to clarify how the alleged "template e-mail" could cause the social security number file to be attached to the new e-mail.

"I cannot comment on [the glitch] because I don't understand it," he said. "I didn't figure it out, I think the club technical chair [did]. [Tower president] Stephanie [Burset '09] tried to explain it to me, but I think she doesn't really understand it either."

Burset said in an e-mail that Pine, the e-mail system Tower currently uses, is "fairly antiquated, but our tech chairs have assured me that nothing like this can ever happen again," and added that "we plan on switching to a new client which is more secure and easier to use."

The social security numbers on the spreadsheet were collected as part of the process of signing in new members several years ago, Berzolla said. Tower no longer requires its members to submit their social security numbers, he added.

Burset also said in an e-mail that she sent all current Tower members a message requiring them to delete the e-mail containing the spreadsheet and to personally report to her that they had done so.

The University's involvement

Though the e-mail was sent from a University-hosted e-mail address, the University did not provide the club with the social security numbers and is not responsible for any related security breaches, University spokeswoman Cass Cliatt '96 said.

"The University, in general, is a carrier of information via electronic channels rather than a publisher and because of that ... the University is not expected to be aware of or responsible for the material that individual subscribers may obtain, post or publish on the web via e-mail or filesharing," Cliatt said. "All individual users are responsible for the information that they might share or disseminate using our internet service."

The incident has been referred to the Office of the Dean of Undergraduate Students by OIT, she added, but the administration has not yet determined whether any violation of University policy occurred. The University will likely not take action to protect the alumni whose social security numbers were released, Cliatt said, since it is the club's responsibility as an independent entity to do so.

The University maintains its own database of student and staff social security numbers, Cliatt said, adding that there are several layers of protection in place to ensure that this information is not accessible to other people.

"We used to use social security numbers as the identifying numbers for students," she said. "Several years ago, we switched to [the nine-digit PUID] numbers instead to protect students' privacy."

In 2004, the University instituted a modified Information Security Policy to protect "personally identifiable" information, such as social security numbers, income tax records and bank account numbers.

"Identity theft is a serious and growing problem in our society," the text of the 2004 policy states. "Anyone who can obtain certain pieces of information about an individual can open credit cards, take out loans, create forged documents or steal assets in an individual's name."

Social security numbers can be used to perpetrate identity fraud by opening bank accounts and signing up for credit cards in other people's names. The last four digits of student and staff social security numbers are also used to reset passwords for University e-mail accounts. Knowledge of a student's social security number could therefore grant someone access to that person's Princeton e-mail.

Security breaches beyond Princeton

Tower's distribution of the social security numbers follows on the heels of the much larger security breach suffered by Yale University last year, when two of the university's computers, containing social security numbers for more than 10,000 of the school's current and former students, faculty and staff, were stolen.

In September 2007, Chris Huffman, Yale '05, said he believed that a false credit card had been opened in his name as a direct result of his social security number being leaked in this theft.

"The [social security number] data had been kept for no particular reason and was overlooked in the University's efforts to reduce the amount of personal information it keeps on file," The Yale Daily News reported in the wake of the incident.

Yale, like Princeton, no longer uses student social security numbers for identification purposes out of concern for student privacy.

Security breaches like the one at Tower are especially common on college campuses. According to a study done by the Privacy Rights Clearinghouse, an organization that seeks to protect consumers from identity theft, educational institutions accounted for more than 50 of about 300 major data breaches in 2006 concerning the release of social security numbers and bank account information.

In February 2007, Johns Hopkins University announced it had lost nine backup computer tapes containing personal information for 135,000 employees and hospital patients.

In March 2005, 98,000 social security numbers of students at University of California-Berkeley were stolen due to the theft of a campus laptop.
