Processing Error Briefly Opens Information to Student View
Aug. 10, 2009
Early Monday, officials at the University of Texas at Dallas reversed a processing error that could have allowed students to see one another’s directory information, class schedules and charges for the upcoming semester on a password-protected Web site used to process financial transactions.
Ordinarily, a student logging in to the Web site would see only his or her own information. The error granted to the entire student population privileges that should have been available only to a specific group of University employees.
The mistake was made during the weekend when a programmer working to complete a conversion of the University’s student information system processed a request that unintentionally included all students rather than just employees of a specific office.
Records that were briefly viewable to UT Dallas students included other students’ names, addresses, class schedules, Net identification, UT Dallas ID number, and tuition and fees charged for the upcoming semester. Months and dates of birth were also viewable, but not years.
No payment records or histories were viewable. No credit card numbers or other personal financial account numbers were viewable. No Social Security numbers were viewable.
Most of the information involved falls under the legal definition of “directory information” available to the public. Students may, if they are concerned, place a fraud alert on their credit reporting accounts using information at http://www.utdallas.edu/ir/security/DataCompromiseResources.htm
Students with further questions should call the Information Assurance line at (972) 883-4678.
Media Contact: Office of Media Relations, UT Dallas, (972) 883-2155, firstname.lastname@example.org