You are viewing this article in the AnnArbor.com archives. For the latest breaking news and updates in Ann Arbor and the surrounding area, see MLive.com/ann-arbor
Posted on Thu, Mar 10, 2011 : 3:45 p.m.

Students' personal information improperly provided to third party, Eastern Michigan University says

By Heather Lockwood

Eastern Michigan University police have discovered that two students who worked for the university improperly provided the names, birth dates and Social Security numbers of about 45 students to a third party, EMU vice president of communications Walter Kraft said.

The EMU Department of Public Safety and federal officials are investigating, he said.

DPS became aware of the incident "within the last several weeks" during the course of another investigation, he said.

All the victims have been notified individually, Kraft said.

Kraft would not say in what capacity the two students were employed with the university, but said EMU has "students employed in a variety of areas," and "student employees make a valued contribution at Eastern."

Kraft said the university takes the privacy of its students very seriously, trains student employees of the university about the proper way to handle personal information and requires them to sign agreements regarding confidential information.

"We advised students on how to monitor their credit reports and that's something all students should be doing on a regular basis," Kraft said. "We are working with those 45 students more directly to assist them."

No further details were immediately available.

Heather Lockwood is a reporter for AnnArbor.com. Reach her at heatherlockwood@annarbor.com or follow her on Twitter.

Comments

dading dont delete me bro

Fri, Mar 11, 2011 : 11:41 a.m.

i got an email from emu, "...At this point, if you do not receive a notification, it is because we do not have any evidence that your information was used improperly. " does this mean my information was breached? now does the information regarding how to monitor my credit report mean, '...We are working with those 45 students more directly to assist them." that's the only 'direct' contact i've had with emu...

HADES

Fri, Mar 11, 2011 : 4:40 p.m.

I received the same email. I think the email is very vague and I bet there are more people effected by this than EMU is telling us. I don't think EMU has a clue! EMU is telling its students to check their credit reports! EMU do your job and protect our information! Don't tell us what we should be doing when you messed up! You made the mistake now take responsibility for it! Like I said in an earlier reply. If EMU leaked my information and screws up my credit report, EMU will be hearing from my lawyer! Everyone who had their information leaked should contact a lawyer and sue EMU! This is serious and no students should have had access to this information!

RJA

Fri, Mar 11, 2011 : 4:50 a.m.

OMG, this is really a serious crime! Glad none of family have been notified, not yet anyway!

Terrin

Fri, Mar 11, 2011 : 3:38 a.m.

Sallyxyz: Yes, let us crucify the student employees. Kick them out of school and ruin their lives forever WITHOUT knowing any facts. Seriously, way to jump to conclusions. Nowhere in the story did it say the two students allegedly responsible for the release of the information gave the information intentionally violating a policy. Further, the student employees names are not being released, which also leads one to believe the release may have been unintentional. To be guilty of a crime you have to intend to violate a law. Perhaps, the students thought it OK to release the information to the third party. Perhaps, the third party is a company EMU does business with on a regular basis. EMU contracts out many services. For example, transcripts. You order a transcript online, a third party sends it to you. Maybe the students were giving the information for what they thought legitimate reasons. Maybe the students were scammed. People get tricked into giving sensitive information out all the time. I met a guy struggling with debt recently. Some person called him up claiming to be one of his creditors, offered him a favorable settlement, and the caller obtained sensitive information from the guy under the guise of verification of identity. It is also possible EMU failed to the students properly. There are so many possible variables here it is impossible to lay blame on anyone without knowing more. Further, why would student employees be removed from handling sensitive information? Are they somehow less trustworthy then regular employees? They are good enough to take thousands of dollars of tuition from, but not to be trusted with to perform necessary services.

HADES

Fri, Mar 11, 2011 : 3:28 a.m.

EASTERN MICHIGAN UNIVERSITY is very unprofessional on many levels! This story does not surprise me at all! They need to fix their parking problems as well! You can NEVER find a parking space. They plow snow into parking spaces instead of removing it, so there are even less places to park. EASTERN MICHIGAN UNIVERSITY needs to get their act together! Especially, the parking department! You need more places to park! Ever heard of parking garages?! You might want to add some. They only have one and it is for faculty! Then you have the Professors who put their political spin on almost every topic! Shut up and teach the class! No one wants your opinion or your political view! If U of M offered a degree in my Major I would have transferred already!

joe golder

Fri, Mar 11, 2011 : 5:32 p.m.

This was discovered during another investigation. I wonder if the feds being mentioned were contacted about this criminal act or was already investigating another issue? Parking structures?.... as soon as the City of Ypsi can help EMU steal more tax dollars. Brain washing isn't limited to universities. It happens in the public schools all the time.

Sallyxyz

Fri, Mar 11, 2011 : 12:59 a.m.

This kind of breach of confidentiality is a very serious offense and those responsible need to be prosecuted to the fullest extent of the law, including being dismissed from the university. This is a serious crime. When identities are stolen, sometimes the consequences don't show up right away. It could be months from now that a credit card is issued illegally and large purchases made, or funds are withdrawn from a bank account, etc. A birthdate and ss number are enough to do very serious financial damage to a victim. More information would be very helpful in this article. Who is the 3rd party to whom the information was given or sold? In what capacity were these students employed? Why did they have access to dates of birth and SS numbers as part of their job as student employees? That is something that sounds wrong, right from the start. Too much access for any student employee. If a "regular" employee committed this crime, they would be immediately fired. I hope these student employees have been fired and dismissed from the university with criminal arrests on their records.

Conflict

Fri, Mar 11, 2011 : 1:40 a.m.

Weak security protocols to begin with jj. The user is the cause of 80% (give or take) of security breaches.

jjc155

Fri, Mar 11, 2011 : midnight

@conflict-you did see in the first sentence or so of the article where it is stated that two employees who had access to the info were involved in taking the info and providing it to the third party. No hacking, no breach of Info security protocols etc.

Conflict

Thu, Mar 10, 2011 : 11:45 p.m.

Eastern was hacked sometime last year as well. Their security protocols are very weak and their IT security program is even weaker. Avoid.

Ricebrnr

Thu, Mar 10, 2011 : 10:56 p.m.

Unfortunately this is more common than people going through your trash for the info. Way to own the problem EMU. Advised the students on how to monitor their credit?!?! How about paying for a year or so of monitoring like every other corporation has when their employees screwed up?

HADES

Fri, Mar 11, 2011 : 3:50 a.m.

EXACTLY! Don't tell me what I should do! Do your job EMU and secure our information! If I were one of these people that had their information leaked I would sue EMU and I think they should! EMU needs to take responsibility for their mistakes and not tell us what we should be doing. Do your Job!

TheGerman

Thu, Mar 10, 2011 : 9:15 p.m.

Yet us students have to change our passwords every 180 days for our own security, when they can't even keep our information safe from within.