Mass Email Blunder May Lead to Lawsuits Against Georgia Institute of Technology

cageymaru

Fully [H]
Joined
Apr 10, 2003
Messages
22,363
Georgia Institute of Technology or as it is commonly known as Georgia Tech, has accidentally mass emailed 8,000 student records to all students. Things such as home addresses, GPA, Visa info, academic standing, ID numbers, and hours earned were attached to the mass mailing by staffers at the College of Computing. The staffers have been banned from accessing student records and the school is cooperating with the Department of Education and state officials. Students are considering a class action lawsuit as the data is federally protected.

The data leaked could be used to assume someone's identity, and at the least, cause embarrassment to many. It is also federally protected data, making the leak a serious issue for the school. Tech says the staff involved have been banned from accessing student records while the investigation is underway, and they are cooperating with the U.S Department of Education as well as the state system.
 
Reminds me of this...

332mbo2.png
 
How do you do something like this accidentally?

Me thinks it was on purpose.
 
Oh, I bet it was something stupid. Something seriously stupid, like, I would bet their IT department has some preset emailing lists, one of which is called "All students", which goes to all students (because you wouldn't want to type all 8,000 in by hand). And the Financial Aid office wanted a complete list of Fall 2018 student data because the Director doesn't have a clue how to use the data warehouse and the web-based system is too slow during student registration when everyone is pounding the fuck out of the production transaction server. And some dipshit at IT who uses GNU at home created a query with all of the student data, but every method of moving that file has been disabled in production, so he tried to bash the file to the Director with something like:

maildaemon mailto -s finaid@git.edu "All students" incl path/to/allstudents.txt EOT

because the older versions of UNIX put the addressee before the subject, like you would if you were using an email program, but a lot of the newer ones ask for the subject line first and then the addressee.

And so the system wound up sending the file to all of the students, because the poor bastard didn't know that "All students" was the name of a mailing list. And it was probably some poor grad student who did it, because every IT department is understaffed and is looking for a few of the better monkeys to plump up their staff and handle the grunt work.

Been there, seen it all, ate the doughnuts and found a giant cockroach (only seen in the remote jungles of South America) in my coffee. True story.

How is this FERPA-compliant?

+1 Like for saying, "FERPA compliant!"
 
Last edited:
Awfully loosey goosey with other's private information. I hope some Senator's kid was enrolled there.
 
Lawsuits eh?

Reminds me of when UC Berkeley "lost" a laptop that contained all the information of students who APPLIED to the school, and this was some time ago so social security numbers were part of this information that was leaked, along with address, phone, name, and whatever other crap they ask you on the application. So this pissed me off that all this information was on a laptop, this was pre-cloud days so yeah why not on a machine that's at least got a security cable holding it to a table, but doubly so that they denied my admission there (I don't blame them on them on this, I wouldn't take me either at the time) and this was like 6 years after the fact like seriously WTF is with them keeping this information for so long?

Needless to say no lawsuits were filed, all I got was a letter in the mail letting me know that it happened... almost a year after it happened telling me I should keep an eye on my credit history... i.e. pass the buck over to me for someone else fucking up with my personal information.
 
Back
Top