Tulane University Freeman School BLOG


Tulane lost my Social Security Number

November 26th, 2007 · 5 Comments

I received the below email a few weeks ago from the Financial Aid Office at Tulane (finaid@tulane.edu). In a nutshell, Tulane shared my financial aid data with the Louisiana Office of Student Financial Aid (LOSFA), and a contractor of theirs lost the data. Tulane has done a poor job of protecting identities. Each student’s student ID number is their Social Security Number. To the best of my knowledge, this number is encoded on the magnetic strip on the student’s ID, but not encrypted in any fashion. So any bar/club that scans your ID will get your SSN. If you lose your ID, you’ve lost your SSN. And what did Tulane say when I asked them to change my student ID to a number other than my SSN? You guessed it.

So for those of you who find a Tulane ID, bar code readers are available on eBay for $50.00

In addition, whenever I work out at the Reily Center, the attendant swipes my ID to ensure I’m a paying student. Guess what appears on the computer screen - yep, my SSN. The student workers at the athletic facility likely haven’t undergone any background checks, and who’s to say if they’re selling my data or not?

Last year, I asked to have my student ID number changed. Tulane flat out refused to do this, claiming their computer system didn’t support such an option. I’m going to try again this year, maybe follow up with a certified letter so there’s a paper trail.

The email I received from Tulane is below. Note, no Tulane contact or follow-up information. It’s as if they’re trying to disavow any connection with this. Funny too, the email was sent out Saturday at 6:55am. I wonder if they’re hoping students missed the email? Not that it would limit their liability:

Recently, a security breach of compressed data (including social security numbers) dating back to 1998 occurred in a move by a data storage contractor for the Louisiana Office of Student Financial Assistance (LOSFA).

The following people may have been affected:
-Any resident of the state of Louisiana who has completed a Free Application for Federal Student Aid (FAFSA).
-Anyone who has completed a FAFSA and included a Louisiana postsecondary institution as an institution to which FAFSA data should be sent.
-Anyone who has applied for or received a Tuition Opportunity Program for Students (TOPS) Scholarship.
-Anyone who has applied for or who has received student financial aid in the state of Louisiana.
-Anyone who has a Louisiana College Savings account (START Saving Program).

Check the LOSFA webpage http://www.osfa.state.la.us/notice.htm to see if your information was included in this breach. If so, free credit reports are available for you to check for suspicious activity.

A newspaper article discussing the breach is currently available online at http://www.2theadvocate.com/news/10592402.html.

Whether or not your information was included in the breach, obtain your credit reports free once a year to check for erroneous activity. Identity theft is on the rise, and credit reporting errors are common: a national survey in 2004 by the U.S. Public Interest Research Group found that one-fourth of credit reports contain serious errors that could cause consumers to be denied credit.

For these reasons, you should obtain and review your three major credit bureau (Experian, Trans Union, and Equifax) reports.

Source: Federal Trade Commission website http://www.ftc.gov/bcp/conline/pubs/credit/freereports.htm

“Only one website is authorized to fill orders for the free annual credit report you are entitled to under law - annualcreditreport.com. Other websites that claim to offer “free credit reports,” “free credit scores,” or “free credit monitoring” are not part of the legally mandated free annual credit report program.

-To order, visit annualcreditreport.com, call 1.877.322.8228, or complete the Annual Credit Report Request Form and mail it to: Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348-5281. The form is on the back of this brochure; or you can print it from ftc.gov/credit. Do not contact the three nationwide consumer reporting companies individually. They are providing free annual credit reports only through annualcreditreport.com, 1.877.322.8228, and Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348-5281.

-You may order your reports from each of the three nationwide consumer reporting companies at the same time, or you can order your report from each of the companies one at a time. The law allows you to order one free copy of your report from each of the nationwide consumer reporting companies every 12 months.”

And here’s the LOSFA web page informing me my data is up for grabs to the highest bidder:

It is indicated that your data was involved in this potential data exposure. Your name and Social Security Number were in the potentially exposed data. However, no financial information was included in your records.

Please understand you do not have to close any accounts. To our knowledge, there was no data in your LOSFA record that was financial in nature. No credit card account numbers were affected. However, do add a password to all your accounts if you wish to add an additional level of security.

At this time, we strongly suggest you take the following steps:

* Contact the 3 credit reporting agencies listed below. These are all computerized systems which will require your Social Security Number (SSN). Please call all three. If you need help, ask one of our representatives to assist you.

CREDIT REPORTING AGENCIES
Equifax: Call (800) 525-6285
Experian: (888) 397-3742
TransUnion: (800) 680-7289

* Report to each agency that your personal identifying information was compromised and you have the potential to become a victim of identity theft. Place a fraud alert with each Credit Reporting Agency (asking companies to contact you prior to issuing credit), and request your FREE copy of the credit report. It is free because your information was breached. If you are asked, respond that you are a potential victim of identity theft. You should do this for yourself and any family member whose Social Security Number was compromised. Please note: This alert is a temporary 90-day advisory statement and should be renewed every 90 days for a period of at least one year.

It is important for you to contact the fraud alert phone numbers we have provided to you. Follow the prompts on the phone tree to the part on fraud alerts. This is when you ask for the fraud alert and again each time you want to renew the fraud alert. The Credit Reporting Agencies will try to sell you a credit monitoring service. If you choose another prompt other than the fraud alert you will most likely be offered a product, such as a credit monitoring service. Our contractor, the Identity Theft Resource Center, advises that these monitoring services add little, if any, protection from identity theft. Nevertheless, the decision whether to purchase a monitoring service is up to you. VERY IMPORTANT - You do NOT have to pay for a monitoring service to place the fraud alert or pay just to renew the fraud alert. On the 91st day after each fraud alert, you should call all three Credit Reporting Agencies and renew the fraud alert.

All credit reporting agencies offer credit monitoring services that you may purchase. We do not have any arrangements or contracts with these agencies and do not advocate that you purchase these services since you can monitor your credit reports for free. However, if for your convenience you wish to participate in one of these services, Equifax has told LOSFA that it will provide the monitoring service to those individuals whose data was lost at a reduced rate. For further information and a description of the service, please click here.

* When you get your credit reports, look them over carefully. If you see an account that is not yours, notify us immediately at 1 (800) 259-5626, ext. 1012. Be aware, you may see errors on the report that were there before the information breach. If you need assistance reading these reports, our representatives are available to help you understand them.

* It may take several weeks or months for fraudulently opened accounts to be reported. Therefore it is important for you to check your credit reports a second time in about 2-3 months. Use your free annual credit reports for this by calling 877-322-8228. For more information, please go to www.idtheftcenter.org and refer to Fact Sheet 124 - Credit Freezes and Fraud Alerts.

* If you wish to take additional preventative measures, you may want to consider placing a credit freeze on your credit reports. Louisiana allows all consumers to place a freeze on credit reports. Placing the credit freeze is free of charge if you are a victim of identity theft or age 62 or older. A nominal fee is charged otherwise. If you are a resident of another state, please go to http://www.idtheftcenter.org/map.html for a nationwide state resource map or www.idtheftcenter.org and refer to Fact Sheet 124 - Credit Freezes and Fraud Alerts for the information you will need.

* If you receive unsolicited calls, you should not provide any information of a personal nature or information related to your bank or investment accounts. In general, you need to be alert to suspicious activities regarding personal and financial information.

If you have any questions, you may contact 1 (800) 259-5626, ext. 1012. In addition, a website has been developed providing valuable information on steps to be taken if you suspect personal identity theft has occurred. You can also visit our website by going to www.osfa.la.gov/notice.htm. We have also arranged for a non-profit organization, the Identity Theft Resource Center (ITRC), to consult with the Louisiana Office of Student Financial Assistance during this situation.


Tags: General · Why Tulane

5 responses so far ↓

  • Adams // Nov 26, 2007 at 10:03 am

    To my knowledge, this isn’t Tulane’s fault. I got the exact same email from my UNO email address (where I got my undergrad degree). The blame should be on the data storage contractor for the Louisiana Office of Student Financial Assistance (LOSFA). I called the credit bureaus and requested to have a freeze put on. You can also get a free copy of your reports.

  • Morgan // Nov 27, 2007 at 9:40 am

    I recall this sort of thing occurring with my employer regarding a vendor they use to administer the company’s 401k. As it turned out, the vendor rep. had his/her laptop stolen from a rental car with roughly all of the company’s employee information, including SSN. The company quickly brought the matter to our attention and offered to have free credit monitoring performed for a year. They offered a 3 in 1 credit watch which included all of the major credit reporting agencies (i.e. Equifax, Trans Union, Experian). As part of their service they send you a monthly “credit watch” report. 1.800.437.4179 is the number.

  • TulaneGrad // Nov 27, 2007 at 12:08 pm

    I raised this issue with Tulane when I attended and they did change it but it caused all types of hassle registering etc. The only way they do it is if you formally complain preferably on fancy law firm letterhead.

  • Charlie Fenton // Nov 28, 2007 at 2:11 am

    My girlfriend (a Tulane student) had the same problem of course. She was given a credit program from Equifax (Credit Watch) which was $24.95 for one year. I wasn’t too happy when I heard that she had to pay for it, considering that it was not her fault. At the bank I advise people on credit building tools almost every day. I personally research my credit every 3-6 months through a website called myfico.com. Through this site, Equifax is used, which I think is the best of the three bureaus. It is really unfortunate that Tulane and thousands of other organizations still utilize a system that is coded with SSNs. When I was in the Air Force, our military ID cards all had our SSNs on them! Personally, it bothered me quite a bit but I’m sure most ignored it. Another thing that I thought about while on this topic is the option to place a freeze on your credit. I think for Louisiana, it costs $10 per credit bureau to place the freeze which will block anyone from accessing your reports, without your authority. Again, I don’t see why tax paying citizens should be charged for taking the necessary steps that will help prevent any credit problems in the future due to fraudulent activity. Just my two cents.

    CF

  • Tainy Kone // Dec 7, 2007 at 1:12 pm

    Thought that this might be of interest to this thread
    (original link: http://www.totse.com/en/politics/political_spew/ssnfaq.html)

    “Universities and Colleges

    Universities that accept federal funds are subject to the Family Educational Rights and Privacy Act of 1974 (the “Buckley Amendment”), which prohibits them from giving out personal information on students without permission. There is an exception for directory information, which is limited to names, addresses, and phone numbers, and another exception for release of information to the parents of minors. There is no exception for Social Security Numbers, so covered Universities aren’t allowed to reveal students’ numbers without their permission. In addition, state universities are bound by the requirements of the Privacy Act, which requires them to provide the disclosures mentioned above. If they make uses of the SSN which aren’t covered by the disclosure they are in violation.”
