College of Education - Internet Security Warning
 

On January 3, 2008, Murray State University's College of Education received notification from the Liberty Coalition, an organization focused on prevention of identity breach issues, that personal student information including student names, social security numbers and birth dates was accessible by manipulating a Microsoft Excel file on the MSU College of Education website.  Upon learning of this the College of Education removed the file from its web site and took steps to remove the information from search engine caches. The file was a 2000-2001 Admission to Teacher Education report posted online in Microsoft Excel format in preparation for the Fall 2002 accreditation visit by the National Council for Accreditation of Teacher Education (NCATE) and Kentucky Education Professional Standards Board (EPSB).

While on opening the file revealed no personal data that could be connected to any student it did contain "hidden fields" which could be manipulated to reveal the information listed above. It was not our practice or procedure to post any file for this particular report in Excel format, opting instead for the Acrobat reader format. The posting of this Excel file was inadvertent and unintended. Evaluation of web logs available to Murray State indicate that the file has been searched for, including searches for social security numbers, and has been accessed by unknown individuals. However, Murray State is unable to determine whether the information in the "hidden fields" has, in fact, been accessed. 

The University notified affected individuals by mail and provided the information below.

As a precaution against identity theft, individuals are encouraged to request a free copy of their credit report by calling 1-877-322-8228 or going online to:  www.annualcreditreport.com .  The Kentucky Attorney General's Office also has Identity Theft prevention information on its website at  www.ag.ky.gov/consumer.  The "Identity Theft" link includes an "ID Theft brochure", "Tips for Victims", an "ID Theft Victim Kit" and a link to the website where consumers can receive their free annual credit report. 

        Other precautionary measures individuals may wish to take include::

  1. Review all credit card and banking/financial statements for any suspicious or unauthorized activity.
  2. Place a temporary fraud alert on your credit file by contacting one of the three major credit reporting agencies.  It should be noted that you only need to contact one of the three companies to place an alert.  The company that you call is required to contact the other two; the action of the first company will place an alert on the other company's versions of your report.  The contact information of the three major credit reporting agencies is as follows:
    • Equifax:  1-800-525-6285; www.equifax.com ; P.O. Box 740241 , Atlanta , GA 30374-0241
    • Experian:  1-888-397-3742; www.experian.com ; P.O. Box 9532 , Allen , TX    75013   
    • TransUnion:  1-800-680-7289; www.transunion.com ; Fraud Victim Assistance Division, P.O. Box 6790 , Fullerton , CA 92834-6790
  3. Consider placing a security freeze on your credit file.  A security freeze means that your credit report (with certain exceptions) cannot be shared with others without your authorization.  Additional information about a security freeze may be found at:  www.ag.ky.gov/consumer/securityfreeze.htm

        

MSU has taken and is continuing to take steps to remedy the situation.  This is a regrettable incident and Murray State considers any breach of privacy and confidentiality as a serious matter.  The University will make every effort to address concerns and questions on this sensitive issue.  For more information please contact Bonnie Adams in MSU's College of Education at 270-809-3833 or email educationdean@coe.murraystate.edu .