‘We trusted the university’: students affected by SU data breach express frustration

Get the latest Syracuse news delivered straight to your inbox.
Subscribe to our newsletter here.

On February 23, a senior at the College of Visual and Performing Arts received a photo of a letter from his mother. His personal details, the letter from Syracuse University read, may have been disclosed.

The data breach affected approximately 9,800 SU students as well as alumni and applicants after someone gained unauthorized access to an employee’s email account. Data such as social security numbers and names were exposed in the leak.

The Daily Orange granted the VPA student anonymity for this story, as identifying information such as his name could be used maliciously due to the data breach.

Aside from the initial letter, the VPA student said she had not received any communication from the university regarding the data breach.


“The only contact from the university was this little letter,” she said. “I had no follow-up on this, which unfortunately was not surprising as I feel the university is not good at handling situations.”

The DO also spoke to another student, a senior at the Newhouse School of Public Communications, who was affected by the breach and wished to remain anonymous. Her name, social security number and home address were leaked, she said.

The university offered free to all involved a year of Experian IdentityWorks. The product “helps detect possible misuse of your information and provides you with identity protection assistance focused on immediate identification and resolution of identity theft,” according to the letter sent to those affected.

Both students said that was not enough.

While the school has given the protection software one year, the possible ramifications of the data leak can last a lifetime, the Newhouse senior said.

“I’m not asking for much, but could I get protection after at least the year? ” she asked.

They make it look like a minor problem when it is a really major problem

Senior VPA on how SU handled the data breach

After speaking with the university, the student was informed that SU would assess a possible extension of service after one year, she said. She plans to contact the school about the possibility.

Eric Ferguson, communications manager for IT services at SU, did not say whether the university would extend Experian IdentityWorks subscriptions.

Since the conclusion of an investigation, the university has found no misuse of the exposed information, Ferguson said in an email statement to DO. The university also found “no evidence that private personal information was actually accessed,” he said.

“We provided information security training for employees, migrated employee messaging to Microsoft Office 365 (which provides additional security through multi-factor authentication), formed a personally identifiable information working group at the office. ‘campus-wide and added multi-factor authentication to MySlice,’ Ferguson said in the email.


ITS announced in a campus-wide email Thursday that MySlice will undergo maintenance for an update, including the addition of two-factor authorization, over the coming weekend. The email was sent two days after the DO initially contacted the department regarding possible guarantees for SU data.

Ferguson did not comment further on employee training, the newly formed task force and the full investigation into the data breach.

The VPA student said she had not had any major incidents with her data since the breach. But she is worried.

“It’s a huge fear for me, and it’s a fear I shouldn’t have to worry about because I trusted the university with this information,” she said.

Worried about what might happen after the end of the protection year and graduation, the Newhouse senior wants some form of compensation.

“It could potentially be something that I will have to pay for the rest of my life, either with protection or something like that, so they should give us some sort of compensation or as a reduction in tuition,” he said. she declared.

The VPA student said that since the leak was the university’s fault, having only one year of monitoring service seemed “cheap.”

“They make it seem like a minor problem when it is a really major problem,” she said. “We trusted the university with this information.”

Contact Kyle: [email protected] | @Kyle_Chouinard

Previous Webinars offered to assist applicants for the Trade Border Relief Program
Next District 5 Candidates Discuss Greenwood Lake at CLG Forum | New

No Comment

Leave a reply

Your email address will not be published.