Email error causes privacy breach at Cheyney Univ. in Pa.

January 25, 2013 3:52:14 PM PST
Cheyney University is warning students about a mistake that put their private information in the hands of other students.

"I love my school to death," Cheyney student Dontay Taylor told Action News. "But this is something that affects my life. Like, somebody could steal my identity and mess up my credit."

Some students at this historically black college in Chester County were aware Friday of the information breach.

Others were just learning that instead of a routine email about the release of a forthcoming IRS form 1098-T, Cheyney mass-mailed a huge 240-page list containing critical private information - names, mailing addresses and social security numbers - for over 2100 current and former students.

How potentially harmful is the release?

"This is the holy grail," said Drexel University professor Rob D'Ovidio. "If I were an identity thief, this would be the kind of information I would use to start launching an identity theft scheme."

D'Ovidio studies privacy issues. He says Cheyney should have encrypted the sensitive information so if it did get emailed it would be unreadable in most cases..

Cheyney's administration refused to answer questions Friday as to how and why the release happened and who if anyone is responsible.

It did release a two-line statement saying the University regrets the error and has taken steps to address the situation.

In a letter, Cheyney warned students to be wary of any inquiries asking for additional personal information. It also said it will provide credit monitoring services.

That's at best a defensive step, said one student.

"Even if you get somebody to monitor somebody's information, that's not a preventive measure," said Derrick Howell. "They already have your stuff. It's just a matter of if you can catch them later on, after they use it."