email-security-institution

Virginia law school makes huge mistake


Sensitive information like GPAs, class rankings, and addresses were mistakenly emailed to 160 University of Virginia law students

emailresizedThe University of Virginia Law School last week accidentally emailed out the personal information of 155 students, including grade point averages, class rankings, and biographical information — like  the addresses of some of their girlfriends.

Student Social Security numbers were not part of the leak. The spreadsheet of information about clerkship applicants was received by 160 law students.

The University of Virginia Law School released a statement Thursday apologizing for the lapse.

“The dean and other Law School officials have apologized and reached out individually to all of the affected students,” the school stated. “We are deeply distressed that this mistake occurred, and we are in the process of reviewing our data management procedures to build in more safeguards against unintentional disclosures.

The mistake was originally reported by the legal gossip website Above the Law.

Ruth Payne, University of Virginia’s director of judicial clerkships, sent an email to the school’s clerkship listserv with an attachment containing details about hiring information for the District of Maryland, the site reported. The attachment was a spreadsheet entitled “2015 Applicants Workbook,” and “it contained all the information under the sun about UVA’s would-be clerks.”

(Next page: This isn’t the first time this year that student information was released due to university error)

Payne quickly followed that email with another, asking students to delete what they had received. Soon after that, the students received another email; this time from George Geis, vice dean of the law school.

“Ruth and I both deeply regret this situation and apologize to all of you,” Geis said. “We take the safeguarding of your personal information very seriously and will conduct a full review of our communication practices and our management of confidential student information. We ask that you please do not open this attachment and that you immediately delete this email if you have not done so already.”

The incident in Virginia was the latest example of sensitive student information finding its way into public hands. More than 3 million records were compromised in data security breaches at colleges and universities last year, accounting for ten percent of all data breaches in the United States.

Higher education networks are 300 percent more likely to contain malware than their enterprise and government counterparts, according to OpenDNS, an internet security company.

More so, the release of information at the University of Virginia was just the most recent case of a breach occurring due to university error, rather than a cyberattack.

In February, the names, addresses, and Social Security numbers of 146,000 Indiana University students and recent graduates were exposed after the data was unknowingly kept in an insecure location for nearly a year.

Sign up for our newsletter

Newsletter: Innovations in K12 Education
By submitting your information, you agree to our Terms & Conditions and Privacy Policy.

Latest posts by Jake New (see all)

Oops! We could not locate your form.

Sign up for our newsletter

Newsletter: Innovations in K12 Education
By submitting your information, you agree to our Terms & Conditions and Privacy Policy.