Colleges breach students’ sensitive information
College students nationwide can be especially vulnerable to identity theft because they often give out personally identifiable information. Some universities have even been known to use a student’s Social Security Number (SSN) as their student identification number, sometimes displayed on a student ID card.
Over the last year, Privacy Rights Clearinghouse (PRC) estimates that more than one million students, alumni and faculty have been affected by a data loss, or breach, of personal information.
Since July 2009, an estimated 72 breaches in 30 states have been reported, according to PRC. PRC shows that in approximately 88 percent of these instances, a student or individual’s SSN was exposed.
A number of the listed breaches on Privacy Rights Clearinghouse’s Web site do not specify the number of affected individuals, implying that this number could actually be higher.
“When I received a letter in the mail stating that my university had breached my personal information, I honestly didn’t know what I was supposed to do,” said Melinda Smith, an alumnus of a large university in Iowa. “I felt overwhelmed knowing that my information was out there and I had no way to know who might have their hands on it.”
Personal information can be breached in various ways, including hackers gaining unlawful access to computer files containing student information (even SSNs), or a dishonest or disgruntled university employee obtaining computer files containing sensitive records and then selling the records to savvy identity thieves.
LifeLock recommends that individuals who have been informed of a potential breach of private information should:
- Do your research – find out what information has been compromised. This will help you identify the risks associated and the best next steps.
- Utilize an ID theft protection service that can help you identify if there is a problem and protect your good name so you don’t have to worry.
- Place a fraud alert – Contact one of the three credit bureaus to place a fraud alert on your credit. You will only need to contact one, and then that bureau will contact the other two on your behalf. With a fraud alert in place, creditors should be notified that you are concerned about identity theft when they receive a new application, helping to stop the extension of credit in your name to a thief.
- Repeat as needed – You can renew your fraud alert every 90 days. It is important to note that you will need to renew in order for it to stay in effect. (You may also remove a fraud alert at any time.)
- Request your free credit report – Do this as soon as possible so that you are able to see evidence of an identity theft appear on your credit report, should one exist.