University of Guam officials briefed the Legislature’s Committee on Education on Wednesday on the implemented protocols and support services following the inadvertent disclosure of the personal information of 154 students to 196 unauthorized recipients via email.
An unnamed employee at UOG’s Financial Aid Office inadvertently sent the email on March 27.
The email contained the names, student ID numbers, Social Security numbers and award amounts of students who received direct loans or Pell grants for the spring 2018 semester.
“The University of Guam takes this accidental disclosure of personal data as a serious matter which required an all-UOG response. The response is we will all take the necessary steps to protect the integrity of the student data which was breached,” UOG President Robert Underwood said during the hearing.
Underwood said the university has apologized to the students affected and offered services and further support moving forward. He said the university took steps to inform the unintended recipients and to delete the email and contacted the students whose information was compromised.
All students were contacted and a letter was sent on Monday to reiterate UOG’s acceptance of its responsibility and to outline services. Three meetings also were held last week for the affected students.
“We are offering two years of Experian Identity Works service to students. This will monitor their credit history and report any anomalies which might surface. There’s $1 million coverage for cost, which may be incurred by any student who is financially harmed by this release of personal information,” Underwood said.
Additionally, he said, the students will continue to receive identity restoration support from Experian after two years. For those without a credit record, a different kind of coverage will be provided which includes monitoring the dark web. According to Underwood, the service also will be provided for two years.
More than 50 students have received an activation code for the services. By the end of the month, Underwood said, UOG will again communicate with the affected students and send an activation code to facilitate their participation.
“We hope to have 100 percent participation. It’s important to note that even though they get the activation code they have to ask for it themselves and that will be available until July 31st,” he said.
Underwood said university officials also have communicated with the 196 who received the personal information. The recipients were encouraged to delete their files and fill out a form certifying they have deleted the information.
“We advised them that, although they received this information involuntarily, they are still bound to obey the law and not pass it along to anyone else,” he said.
Underwood said the university also has been in contact with federal agencies – the Secret Service and the Federal Bureau of Investigation for short-term training on identity theft and internet security.
The Secret Service agreed to do two workshops on April 20 at the UOG campus, according to Underwood.
The university is also in conversation with the University of Maryland for cybersecurity training for university students and the public.
“We certainly regret this incident and apologize for any inconvenience experienced by the students. They have the right to privacy and the expectation that the university will take every step to ensure the full exercise of this right,” Underwood said.
A 24-hour, daily hotline is available at 671-735-2630 for students and parents who have questions or concerns. The university also set up a fraud protection website, which can be accessed at http://uog.edu/fraudprotection.