WCSU identifies database vulnerability, provides solution
DANBURY, Conn. - Western Connecticut State University is in the process of notifying students, their families, and other constituents that their personal information may have been exposed to unauthorized access by a computer system vulnerability that has since been corrected. WCSU has found no evidence that records were inappropriately accessed.
The vulnerability existed from April 2009 to September 2012 and potentially exposed information, including Social Security numbers, of about 235,000 people whose records were collected by the university over a 13-year period.
We are disappointed that these records were potentially exposed but we will do everything we can to protect our students, their families and others with whom we have worked,” said WCSU President James W. Schmotter. “The steps we are taking and the solutions we are offering to every one of those affected are designed to address any problems this situation may have caused.
The affected group includes students, their families and those who had other associations with the university, as well as high school students whose SAT scores were purchased in lists, a common practice in higher education.
Although WCSU has found no evidence that records were inappropriately accessed, to protect those potentially affected, Western is offering up to two years of ID theft protection at no cost through a company named AllClear ID.
Everyone in the affected groups will receive a letter explaining the protection being offered and the steps they may take to access AllClear ID services.
When he became aware of the issue on Sept. 26, 2012, WCSU President James W. Schmotter immediately activated the Board of Regents security incident response plan. The BOR Information Security & Policy Office conducted an investigation to determine what happened and identify and remediate security vulnerabilities campus-wide. The university also informed the Connecticut Attorney General’s office of the issue.
“We are disappointed that the potential existed to have these records exposed but we will do everything we can to protect our students, their families and others with whom we have worked,” Schmotter said. “The steps we are taking and the solutions we are offering to every one of those affected are designed to address any problems this situation may have caused.”
Since discovery of the exposure, the university has dramatically increased its information protection capacity with new layers of protection. The university will continue to assess and improve all aspects of its information security.
All those affected will receive notification through the postal mail. In addition, Western has set up a searchable database that contains the names of all affected individuals. Instructions can be found at www.wcsu.edu/securityincident.
A list of frequently asked questions, provided in English, Spanish and Portuguese, is also available at that site, along with other information.
WCSU and AllClear ID have set up a hotline at (855) 731-6012 to answer questions from those affected. The hotline will be staffed from 9 a.m. to 9 p.m., Monday through Saturday.
For more information, call Paul Steinmetz at (203) 837-9805.
Western Connecticut State University offers outstanding faculty in a range of quality academic programs. Our diverse university community provides students an enriching and supportive environment that takes advantage of the unique cultural offerings of Western Connecticut and New York. Our vision: To be an affordable public university with the characteristics of New England's best small private universities.
