My SSN Was Exposed in a Breach at a School I Never Attended
▼ Summary
– The author received a letter in February about a Columbia University data breach, despite having no affiliation with the school.
– The breach, which occurred last June, exposed 1.8 million Social Security numbers, but Columbia’s public notices only addressed “members of the Columbia community.”
– The letter offered free credit monitoring from Kroll but did not explain how Columbia obtained the author’s Social Security number.
– After a difficult process through Columbia’s victim support, an official explained that decades of third-party data collection and failed data-removal efforts led to the school storing data on unaffiliated people.
– Kroll’s hotline was unhelpful, offering only escalation with no follow-up, prompting the author to contact Columbia’s IT call center.
A strange message from my father back in February launched me into a months-long investigation of a baffling mystery tied to a Columbia University data breach last year. The twist? The victims include people like me who have absolutely no connection to the school.
The text included a photo of a letter from Columbia, stating that I was affected by a breach that occurred last June. That incident exposed an enormous trove of sensitive data, including 1.8 million Social Security numbers.
Columbia’s public statements about the breach focused solely on “members of the Columbia community.” The university warned that an “unauthorized party obtained information about students and applicants related to admissions, enrollment, and financial aid processes, as well as certain personal information associated with some Columbia employees.” Major media coverage similarly referenced only people affiliated with Columbia as victims, while noting that the hacktivist behind the attack was reportedly motivated by the school’s history of “affirmative action-based” admissions.
But I am not part of the “Columbia community.” I have never applied to, attended, or worked for the university. And the letter I received,which arrived six months after the public notice,offered no explanation for how Columbia obtained or exposed my SSN. It simply stated that the breach affected “certain personal information about admissions, enrollment, and the financial aid process.” It directed me to sign up for free credit monitoring through Kroll Monitoring, the service Columbia hired to manage the victim hotline.
A grueling journey through Columbia’s victim support channels finally led a university official to explain how this happened. Decades of third-party data collection, combined with multiple failed data-removal initiatives, had left the school warehousing information on countless unaffiliated individuals.
Did taking the SAT expose my SSN?
In my search for answers, Kroll’s hotline proved useless. The only option hotline staff offered victims like me was to escalate the case. If you called back, they would offer to re-escalate it. Escalation supposedly meant a callback with more information. After weeks of silence, I switched tactics and contacted Columbia’s IT call center instead.
(Source: Ars Technica)
