Six weeks ago, someone accessed some sensitive information at Dixie State College which included:
Social Security numbers, birth date information and addresses, of former students, alumni and former employees
Dixie State College officials have taken six weeks to alert the alumni and employees of this security “incident”. Why? Sure no credit card information has been leaked, but like that matters when your SSN, birth dates and addresses have been leaked. Sounds like anybody could sign me up for a new credit card, take out a line of credit in my name, and do more harm than good.
DSC has put up an “ID protection” site for those to access to find out more about how to protect their identity, accessible here. They even link to the free annual credit report. But what if I’ve already used my free credit report this year. Are they going to foot the bill for me to check it again? If only.
I just emailed idprotect@dixie.edu asking why it has taken six weeks for people to be alerted of this incident, as well as what are the plans to notify the alumni? Billy hadn’t heard about it and he’s an alumni. I only heard about this “incident” from my checking of my college email account. WTF?!
Below is a copy of the press release that went out today. For me, it seems like it is about 5 1/2 weeks late. If you are an alumni of Dixie State College, I’d suggest you email your complaints as well. Doubt it’ll do any good, but still.
Dixie State College Notifies Alumni and Employees of Security Incident
(ST. GEORGE, Utah – October 23, 2007) Dixie State College of Utah’s Information Technology (IT) staff became aware of a security incident on September 11, 2007, in which an unauthorized individual was able to gain online access to confidential files holding personal information, including Social Security numbers, birth date information and addresses, of some alumni and current and former DSC employees. However, the files did not contain any credit card or financial data.
Once DSC officials became aware of the incident, the compromised files, which contained approximately 11,000 names of those who graduated or worked at DSC from 1986 to 2005, were immediately deleted from the server. In addition, law enforcement officials, along with the Utah State Attorney General’s office and the Utah Higher Education Commissioner’s office, were notified.
The files were accessible through an internal DSC search engine for a period of up to 14 months, though it appears those files were not accessible to public search engines such as Google or Yahoo!.
“At this time, there is no evidence that the information has been misused,” said Gary Koeven, DSC dean of information services. “However we take this risk very seriously and are taking steps to notify those individuals listed in the files as well as our entire campus community. The situation will continue to be monitored.”
DSC officials have confirmed that the files were accessed, though it is inconclusive as to whether any sensitive information was actually accessed and/or acquired. Koeven added that efforts are being made to notify those affected.
Koeven also noted that a thorough information technology audit is currently underway and that all security and IT processes are being reviewed and will continue to be strengthened.
“We regret that this incident has occurred and we want to let everyone in the Dixie State College community know that we take this matter and all security issues very seriously,” DSC President Dr. Lee Caldwell said. “We know and understand the danger of identity theft and we are committed to ensuring that this does not happen again at this institution.”
Those potentially affected are urged to take precautionary measures by monitoring their bank and credit card statements. In addition, individuals are encouraged to request a free copy of their credit report and review it thoroughly and, if necessary, place a fraud alert on their credit.
In order to further assist, update and provide as much information as possible, Dixie State College has created a website dedicated to this issue at www.dixie.edu/idprotect. DSC has also established a toll-free telephone hotline accessible at 1-866-295-3033. Individuals may also email questions and concerns to idprotect@dixie.edu.
