Two online training seminars were taken down after the grade point average, academic credits, and emails of 20 UConn alumni and students were displayed publicly from the Nexus platform. The videos, published in 2020 and 2022, respectively, were recorded training sessions for undergraduate student advisors openly accessible on the undergraduate advising website.
“The University learned in recent weeks that undergraduate advising training videos from 2020 and 2022 included views of computer screens with information that should not have been publicly visible,” UConn Deputy Spokesperson Mike Enright said.
“None of the data that was publicly viewable on the screens during the videos included Social Security numbers, financial information or similar specifics,” said Enright.
Although the information breach was contained to a relatively obscure section of the advising website, the university was required to follow a formal restoration procedure to ensure compliance with the Family Educational Rights and Privacy Act of 1974 (FERPA).
“The videos were immediately removed when UConn learned of the issues, and protocols are being developed to prevent a repeat incident. UConn also notified the students whose protected information was disclosed, almost all of whom have since graduated, as well as the U.S. Department of Education,” Enright said.
“Since the data was being viewed as part of a training session directly related to the records, the trainers were authorized to access it as part of their job responsibilities. UConn’s review of the incident also determined that no privacy or security concerns exist with the software platform itself”
UConn Deputy Spokesperson Mike Enright
University administration has not yet detailed what specific protocols are being taken to prevent future leaks but stresses that the Nexus platform itself is secure.
“Since the data was being viewed as part of a training session directly related to the records, the trainers were authorized to access it as part of their job responsibilities. UConn’s review of the incident also determined that no privacy or security concerns exist with the software platform itself,” Enright emphasized.
The threat of more damaging or malicious data leaks is a reasonable concern in the era of digitization, with numerous universities reporting breaches within the past year.
According to one report from the University of Michigan, the personal data of students and faculty including Social Security numbers, driver’s license numbers, financial information, and health information were compromised in August 2023, impacting as many as 230,000 people.
As institutions like the University of Michigan and recently Stanford University have witnessed first-hand, the risk of a widespread data breach is very real. Although spurred by an unfortunate, albeit isolated leak, the improvements being made to protect sensitive information stored in the UConn database have come not a moment too soon.