Tuesday, May 16, 2006

MIT and my SS#...

I just got a letter in the mail that says that MIT accidentally sent out my personal info (including SS#, birthday, address...) to 150 people on an MIT mailing list. They say they are sorry... but I'm pretty upset. "Sorry" isn't going to cut it if I end up the victim of identity fraud.

Why the heck do they have that stuff in some file that can accidentally get mailed around? I'm not a student or employee anymore... Also, what mailing list did they send it to exactly? I think I have a right to know (and no, saying that the mailing list is 150 people who are "mostly" members of the MIT community does not make me feel better)

Here's the press release that I found about it. I can't believe there isnt' more news about this... There doesn't even seem to be anything in the Tech about it either.


Blogger Qian said...

That's quite appalling but unfortunately not rare these days. MIT should at least offer you free credit monitoring for a year. Maybe you should ask them to provide it.

5/16/2006 11:12:00 AM  
Blogger Justin said...

The Tech did print an article on the error today, though it doesn't seem to provide much more information than the press release.

It does seem odd that they're not being more forthcoming about exactly who got the personal information-- that seems like very germane information. I'd second Qian's suggestion as well and suggest that MIT pay for credit monitoring. It may also be worthwhile to call the credit bureaus and put a fraud alert on your account just in case.

5/16/2006 04:07:00 PM  
Blogger Eric said...

That is really bad. I agree with finou, not only is it extremely neglidgent that they email this around, but such a file should not be sitting on some computer in the vice president's office, much less in unencrypted form.

Once she has terminated her relationship with MIT, the only reasonble excuse for them hanging on to that information is that I can think of is if it takes a while for that information to be removed from some backups. But that data should be encrypted, especially on backups.

If they're trying to hold on to this information to more powerfully pester alums into giving money, that is really not right.

If they're hanging on to that info as a way of validation for sending transcripts, etc., then I could beleive that it was not malevolent, but it is still quite neglidgent.

BTW- I think UC has had several related incidents in the news during the last couple of years. I think one involved a lost laptop with unencrypted personal data. I completely forget the details of the other, but if it's any consolation, it's not just MIT that is deficient in this area.

5/23/2006 01:11:00 AM  
Blogger finou said...

My sister's info was on the laptop incident with UC Berkeley. Now, supposedly they got the laptop back and it looks like the person didn't know what they stole so it's ok but the weird thing is that my sister never went to Berkeley! The database on the laptop had a list of people with (SS# and stuff) who had applied to (but not gone to) Berkeley years prior! Why do they still have that around....

5/24/2006 01:18:00 PM  

Post a Comment

<< Home