NC State Notifying Parents of Inadvertent Release of Information
Data housed on a North Carolina State University computer server that contained private information for about 1,800 school children from Richmond and Wilson counties was inadvertently made available online. The data was gathered from 2003-2006 as part of a research study on classroom practices.
The data contained names, social security numbers and dates of birth. The three affected elementary schools are: Ashley Chapel in Richmond County, and Gardners and Wells in Wilson County. The Department of Public Instruction notified NC State on July 25 of the data exposure after receiving a call from a parent of one of the students; the data was immediately removed from the NC State server.
“As soon as we learned this information was publicly available, we removed it from our servers and contacted Google to ensure removal of any saved copies,” said Marc Hoit, vice chancellor for information technology. “Our next step was to launch a forensic review of all our servers to make sure there were no other instances of inadvertent data release. Finally, there is no evidence that any of the data from the 2003 to 2006 study was used improperly, but we want to make sure parents are aware and can take additional steps to protect against the possibility of fraudulent use of identity information.”
A letter to parents provides information that includes measures that can be taken to monitor credit ratings. The university also has notified the school superintendents in Richmond and Wilson counties. Letters to parents were mailed on Monday, Aug. 8.
“Because this information was gathered several years ago, it was difficult to obtain parents’ current contact information,” Hoit said. “For example, Ashley Chapel Elementary has been closed.”
During the timeframe of the study, a small number of school systems still used social security numbers as student identification numbers. All North Carolina public schools now use randomly generated personal identification numbers provided by the state’s student information system, known as NC Wise. The university discontinued use of all social security numbers as personal identifiers in 2004.
The university has established a call-in number for parents, 919-515-5912, or email ced_info@ncsu.edu.
Parents who receive a letter or who believe their child was part of the study at Ashley Chapel Elementary in Richmond County, and Gardners and Wells elementary schools in Wilson County from 2003-2006, should remain vigilant by reviewing account statements and monitoring free credit reports obtainable from:
- Equifax: 1-888-766-0008, www.equifax.com, P.O. Box 740256, Atlanta, GA 30374
- Experian: 1-888-397-3742, www.experian.com, P.O. Box 9554, Allen, TX 75013
- Trans Union: 1-800-680-7289, www.transunion.com, P.O. Box 6790, Fullerton, CA 92834
To obtain further information about preventing identity theft, contact the Federal Trade Commission and the North Carolina Attorney General’s Office:
Federal Trade Commission
600 Pennsylvania Avenue, NW
Washington, DC 20580
(877) 382-4357
www.ftc.org
North Carolina Attorney General’s Office
9001 Mail Service Center
Raleigh, NC 27699-9001
(919) 716-6400
www.ncdoj.gov
-30-