364,000 Exposed in Bizarre Auburn University Data Breach

Auburn University

What Happened?

On April 3, Auburn University confirmed a data breach impacting 364,012 individuals. The incident occurred when personal information of students, applicants and even non-applicants was accidently made viewable to anyone online.

The names, addresses, birthdates, Social Security numbers and academic information of these individuals were published from September 2014 until March 2, 2015. Auburn University says it is “unaware of any attempted or actual misuse” of this personal information.

Exposed student and applicant information was collected during the application process. Non-applicant information is believed to have been collected from ACT and SAT test administrators as part of a common recruiting practice.

While Auburn University used this information to analyze prospective candidates, it is unclear why they chose to keep data on those who did not ultimately attend their institution.

“We didn’t apply, we didn’t send our SAT/ACT scores, we have nothing to do with Auburn, and we’re angry,” Lyndsay Medlin, a student at the University of Virginia School of Law, told The Birmingham News, referencing herself and three classmates who received breach notification letters from the university.

Mike Clardy, an Auburn University spokesman, also confirmed that non-applicants’ information had been exposed. The breach occurred as a result of how the university replaced a broken server. Once the incident was discovered the machine was immediately unplugged.

Medlin is still unclear as to who would have provided her Social Security number to Auburn University, or if it was even included in the exposed records. She says she was involved in a scholarship search program, but never provided such sensitive information.

What Should You Do?

Due to the sensitive nature of the exposed information, impacted individuals are now at an increased risk of fraud and identity theft. If you believe you may have been impacted by this breach, you can take the following steps to protect your personal information:

  • Check your credit report for signs of identity theft
  • Monitor your bank statements regularly
  • Consider placing a credit freeze on your credit report

Auburn University is providing impacted individuals with two years of credit monitoring and identity theft protection, as well as lifetime access to fraud resolution services. To enroll, contact Auburn’s confidential assistance line at 877-237-7191.

Even if you were not impacted by this data breach, the incident brings up a vital conversation about how much personal data is unknowingly shared between organizations. To avoid being involved in a situation like this, always read privacy policies before providing personal information and ask how your data will be used, stored and share.

Students and their families are also protected by the Family Educational Rights and Privacy Act. This act mandates schools must have written permission from the parent or eligible student in order to release any information from a student’s education record. It is still unclear if any parties are in violation of this act.

The views and opinions expressed in this article are those of EZShield Inc. alone and do not necessarily reflect the opinions of any other person or entity, including specifically any person or entity affiliated with the distribution or display of this content.

John is General Counsel and Chief Privacy Officer of Sontiq, the parent company of the EZShield and IdentityForce brands. He is a Certified Compliance...
Read more about John Burcham.

Leave a Comment.