A data breach running since spring 2014 on the district security system was discovered in November. The names, date of birth and social security numbers of about 1,000 of spring 2013 students and about 150 employees in San Jose City and Evergreen colleges had been accessible on the district website for more than two years, public information officer at the Chancellor’s office Ryan Brown said.
After the discovery, Brown said that the district removed the file immediately and contacted every individual whose information was on the file, notifying them that the district would offer a free service providing identity repair and credit monitoring service with the company AllClear ID during a year.
“The only way to find the file was doing a search” Brown said, “there never was a hyperlink to the website.”
At the April 4 academic senate meeting, Vice Chancellor Ben Seaberry said that the district’s estimated cost for the breach was about $45,000 and was not covered by its insurance.
David Lomax, a SJCC construction instructor who took plumbing class in spring 2013, received the letter from the district informing him he was part of the file exposed to the security breach: he said he didn’t understand what it was related to.
“The letter was pretty cold, disturbing,” Lomax said. “I have had so many computer problems before, and nobody came back to me, and then I received a letter explaining ‘it’s not our fault,’ it was pretty upsetting.”
Recently, some faculty members of the San Jose Evergreen Community College District received a letter from the Internal Revenue Service informing them that a suspicious federal tax return had been filed with their names and social security numbers.
Among them, some were taking class during the spring semester 2013 and their names were on the file.
It would be easy to relate the data breach to their potential identity theft: we tried to contact these faculty members but none of them accepted to publicly connect the two events.
The district doesn’t plan on reinforcing support for student victims of this data breach, arguing that all the necessary measures had already been taken, and no evidence existed about a link between the data breach and the identity theft.
“I have not heard of anyone who has experienced identity theft who can say it is for certain related to this data breach,” Brown said. “We have absolutely no evidence. We also know people who have received a letter from the IRS about a suspicious federal tax return who were not on the list. The chancellor of the district received it, for instance. From what we know, it is not related.”
Brown added that identity theft had been increasing lately and that we were in a time of the year when people might discover it because it was the period of filling tax return.
A disciplinary process for the district also started but the identity of the employee responsible for the data breach remained secret.
The public is just told that it wasn’t an act of malice but an unintentional post.
“We’ve done re-training for the employees and we’re looking at technology tools to prevent that,” Brown said. “As a district, we take very seriously protecting the personal information of our students and employees to prevent something like this never happens again.”
The president of academic senate and ethnic studies professor Jesus Covarrubias said faculty was very concerned.
“If students are victims from identity theft, it could be absolutely linked to the data breach, that is serious and would compromise their privacy,” Covarrubias said.
Covarrubias said it will be important for the district to provide follow ups, particularly if students speak up and ask help from their teachers.
“If students notice some irregularities either on their financial status or other, they should definitely come forward and consult a teacher to guide them to the right resources,” Covarrubias said. “We don’t want students to be negatively affected by what happens in SJCC.”
From the student side, the associated student government heard about the data breach, but didn’t receive any complain from students, President Iriana Luna is not planning to address that issue for now: “there is no faculty or any students coming to us to address this issue, so it’s kind of hard for us to take a stand,” she said.
The student trustee at the district board Marcelo Lopez encouraged students to “speak up if and when there is a security issue, so that concern can be properly addressed.”
CALL TO WITNESS FOR STUDENTS AND FACULTY
You have taken classes in spring semester 2013 and you received a letter from the district informing your security was at risk, or you didn’t receive any letter but you are concerned: send an email to [email protected] to testify.