From the Associated Press
CHARLOTTESVILLE, Va. (AP) -- The University of Virginia's policies and procedures will be reviewed by a task force to ensure the personal information of students and staff is protected.
The move follows the accidental printing of address labels containing students' Social Security numbers. The labels were on health insurance brochures sent to students by Aetna Health Care.
Media outlets report that U.Va. president Teresa Sullivan announced the task force's creation Monday in a letter to students and staff.
The task force will be chaired by Pat Hogan, the university's executive vice president and chief operating officer. Sullivan says the Office of General Counsel will serve in an advisory role.
Original story from July 18, 2013
The University of Virginia is trying to protect thousands of students from identity theft after compromising their personal information.
UVa said the school's student health department sent information pamphlets directly to students at their permanent home addresses with their social security numbers on the outside.
The label doesn't specifically identify the numbers as being a student's social security number, but it's printed right above the address.
Roanoke native Anna Smith is one of the 18,000 students affected by the mistake. She’s been home on summer break for weeks and said she didn't even realize her social security number was on the mailer until she heard about it on the news.
Some students were upset to see that their information was made public, while others didn't really seem to care.
"People are like this is your only job,” she said. “All you have to do is send out these mailers and someone just messed it up, but I think most people in college, at least my friends, have just brushed it off and thought it was funny."
The mailers went out to 18,000 students.
The university is still in the process of notifying students and is now offering free credit monitoring help to those affected.
Robert Chappell is the author of "Child Identity Theft." Chappell gave some tips to WDBJ 7 on ways people can be proactive in protecting themselves.
UVa issued the below statement regarding the mailer:
The University is making final preparations to send notice to the affected students about the SSN exposure. The mailing will provide notice of the exposure, and offer information and a contact number to take advantage of the free credit monitoring service.
We also are establishing a call center for students and parents who have additional questions or concerns.
The University sincerely regrets this exposure and assures students and their families that the error has been corrected and that we take the issue of handling sensitive information very, very seriously.
Our goal is to have the letters in the mail by this Friday.
This exposure occurred as a result of program used by our Department of Student Health to gather data from our central Student Information System, which is a highly secure system, to provide to the University’s provider of student health insurance. The department used a program used only by Student Health to pull that information out and provide to the insurer.
What happened in this case is the program used to gather the data collected student Social Security numbers in addition to the basic information such as name and address.
As part of the University’s ongoing effort to move away from the use of Social Security numbers, the program was supposed to be adjusted some time ago so that it would not gather SSNs.
This was an oversight and has now been corrected.
Aetna also issued a statement:
We are aware of the unfortunate situation and regret that it occurred. We have been working with the university to notify affected students and help ensure that an incident of this nature doesn't happen again. The mailing was a brochure sent out by our mail vendor outlining student health insurance options for the upcoming school year.
Aetna received the file from UVA in a secure, electronic format and provided it to the mail vendor in the same manner. Aetna's standard protocol with the vendor is to review samples of the mail before a mailing goes out. That procedure was not followed in this circumstance.
We have reviewed our protocols with the vendor to ensure they are followed for every mailing. We also are instituting additional internal,Aetna protocols to detect and purge unnecessary data fields from files received from student health customers.