An mailing error made by Iowa State University housing has inadvertently released the university ID numbers of students living on campus, as well as where they live. The numbers were included in a mass email sent to some 2,300 students.
As reported by Iowa State Daily, the email was sent by the university’s Department of Residence to inform students about a new university policy regarding electronic cigarettes. However, the mass email also included an attachment with a roster of all students living in university housing along with their student ID numbers.
University officials say the list was not intended to have been attached to the email, and that within a couple of days the Department of Residence was already being contacted by concerned students.
In an email to the Iowa State Daily, university officials assured students that security implications associated with the emailed roster are extremely low. The statement goes on to say that the university has received no reports, or found any evidence, that any harm has occurred. Also, no student financial information was contained on the email attachment.
The attached spreadsheet included students’ university ID numbers, ISU email addresses and where they live on campus. All of the info released is available through the ISU online directory with the exception of university ID numbers.
The email reached some 2,300 students on campus before the roster was noticed by the employee sending the email. The university explained that the department’s system sends emails in batches of 500 and that the employee noticed the mistake after sending five batches.
The Department of Residence sent a recall message to students to whom the attachment had been sent, but the document was still available to anyone who received it.
Iowa State IT was also included in the clean-up process, and stressed that university ID numbers are only used internally at Iowa State. There is no risk for any large-scale theft that could occur when a Social Security Number is stolen, but there is the possibility that the student ID numbers could be used on campus for access to campus services or to make purchases.
University officials also stated that no passwords were disclosed in the email containing the university ID numbers, further dampening the likelihood of any serious harm in the disclosure.