Disappeared News

by Larry Geller

There’s been another serious breach of student’s personal information at the University of Hawaii. See Saturday’s Star-Advertiser story Privacy protector found UH data dump (10/30/2010).

Then check the website linked below to see if your personal information was compromised. As you know, that could lead to any of the numerous consequences of identity theft.

My name was in the database. What now?

Does anyone know of an attorney working on this issue? If so, for all of us affected, it would be a help. Both federal law (FERPA) and possibly Hawaii law appear to have been violated. Here is the data that was leaked from my records:

• Date of Birth
• First Name
• Last Name
• Middle Name
• Social Security Number

The website advises that in addition to names, social security numbers and dates of birth, some or all of the following information was breached for each student:

• Gender
• Ethnicity and Native Hawaiian Status
• Home Language
• Marital Status
• Number Of Dependent Children
• Dependents In Household
• Existence of a Physical, Hearing, Mobility, Learning, Psychological, Visual Disability or Traumatic Brain Injury
• Highest Level of Education Attained By Father
• Highest Level of Education Attained By Mother
• Citizenship
• Veteran Status
• Financial Aid Status for Each Term
• High School GPA, Rank, and Name
• Last College(s) Attended
• Transfer Information
• SAT Verbal & Math Scores
• TOEFL Score
• Detailed Information on GPA and Credit Hours
• Academic Major and Minor
• Employment Status While Attending
• Primary Objective In Attending Manoa
• Highest Degree Intended
• Primary Place Of Residence While Attending
• Primary Source Of Funds For College
• English Proficiency and Placement
• Degrees Earned
• Performance in English, Writing, Math & History
• Faculty-Staff, Institutional, Military, Pacific-Asian, EWC Grantee, Hawaiian and Appeal Exemption Statuses
• Hours Employed per Week
• Housing Status: Off-campus, On-campus, With Family or Relatives
• Reason for Going to College
• Sports
• Aid Received

Yikes!

I notice that UH did not notify me that my name was among those that were breached. I received nothing from them, no email, no snail mail, no phone call.

And as the press release from the National ID Website notes, the University of Hawaii has a history of security breaches:

HONOLULU, Hawaii. The University of Hawaii-Manoa and has breached the personal information of 40,101 students who attended between 1990-1998 and 2001, including names, social security numbers, dates of birth, addresses, demographic, and detailed academic performance data. These UH-Manoa students are at increased risk of identity theft and fraud. The information was posted on an insecure, unencrypted University of Hawaii-West Oahu (UHWO) website for almost a year. Some of the affected alumni attended UHWO. Alumni attending other years and on other campuses may have also been affected by the breach. This latest breach follows on the heels of a May, 2010 breach involving 53,000 students, and a 2009 breach involving 15,487 parents and students. …

I am thinking that it might take a class-action lawsuit to compel UH to provide sufficient education for its personnel and controls on access to personal data. Clearly, they do not have either in place.

The data that was breached was on a faculty member’s home computer. Why was that allowed/condoned? How many other faculty or staff are taking home personal data? Who made the data available to them? Can a faculty member just walk into an administration office and get hold of anyone’s data? Should not the administration be held liable for the data breach, since they handed it over in the first place?

If you have been a UH student, go to the website linked above, put your name in, and see what they might have leaked of your personal data.

The website suggests what you need to be do if your SS number and other info have been leaked. Taking the precautions suggested will cost time, money and mental anguish.

I suggest we consider a way to act together for compensation for the trouble and to prevent future leaks such as these. That will probably involve a knowledgeable attorney.

Your thoughts?

Permalink posted by Larry @ 10/30/2010 09:23:00 PM