More applicants to the University of California than originally
thought had private information, including their Social Security
numbers, displayed to other applicants because of a glitch on a UC
application Web site.
The unintentional release of information on the Web site has
raised questions about applicant privacy and the possibility of
identity theft, a growing problem in the United States.
Lavonne Luquis, a UC spokeswoman, said the UC sent an additional
183 applicants letters last Monday notifying them that their
information had been viewed.
Those notifications came on top of that of 108 students, who
were contacted the previous week.
The UC also sent 2,048 applicants letters the previous week
saying their personal information may have been viewed by other
applicants.
Personal information that may have been displayed in addition to
Social Security numbers included the applicant’s name,
address, date of birth, phone number, citizenship status and SAT or
ACT scores. The information could only be accessed by other UC
applicants.
The UC application Web site is maintained by Educational Testing
Services.
By state law, the university was required to notify the
individuals that may have had personal information accessed.
A recent survey released by the Federal Trade Commission, the
government agency that deals with identity theft, showed that 27.3
million Americans have been victims of identity theft in the last
five years, including 9.9 million people in the last year
alone.
Betsy Broder, an FTC official, said identity theft is a growing
crime and “is more widespread and pernicious than previously
realized.”
Because of this growing problem, many have called for more
stringent controls on personal information released to
organizations, companies and universities.
Universities across the country store millions of
students’ personal information in large databases that can
sometimes have glitches or can be hacked.
“The recent UC foul-up demonstrates the need to take
computer security and information sharing processes very
seriously,” said Henry Pontell, a UC Irvine professor of
criminology, law and society and author of several books and
articles on identity theft.
“You can do a lot with someone’s Social Security
number. (The numbers) were never meant to be a national identifier,
but they have been, and they need to be guarded very
carefully,” he said.
Social Security numbers are used for UC applications to help
better identify students.
Pontell said personal identity theft has been around for years.
But he stressed the need for encryption technology because of the
major threat of information theft on large databases, as the
potential for harm is far greater than individual identity theft.
He also said universities need to be especially careful.
A database at the University of Texas, Austin was hacked into
last year, resulting in the exposure of more than 50,000 Social
Security numbers to unauthorized individuals.
“Tighter security regulations are needed these days,
because there are too many ways information can be misused, stolen
or lost. The issue needs to be prioritized on the public agenda
because this theft can end up crippling our economy,” Pontell
said.
Last year’s identity theft losses to businesses and
financial institutions totaled nearly $48 billion and consumer
victims reported $5 billion in out-of-pocket expenses, according to
the FTC.
“These numbers are the real thing,” said Howard
Beales, director of the FTC’s Bureau of Consumer Protection,
in a statement. “For several years we have been seeing
anecdotal evidence that identity theft is a significant problem
that is on the rise. Now we know. It is affecting millions of
consumers and costing billions of dollars.”