At least 16 thousand California State University students have had their personal data exposed in a leak via a third-party vendor that had its security breached, according to an email sent to students.
“On Friday, August 28th, CSUSB learned of exposure regarding student information from Agent of Change (AOC)/We End Violence (WEV), a vendor providing web-based sexual assault prevention training as required by law to multiple California State University (CSU) campuses,” Brian Haynes, CSUSB’s Vice President for Student Affairs, wrote in an email sent to CSUSB employees on Friday morning.
end articleparagraph1.pbo start articleparagraph1.pbo
“The training system was located on the vendor-hosted servers outside CSUSB. This vendor was contracted by CSU, and nine campuses including CSUSB using this system,” Haynes’ email continues. “A total of 16,702 CSUSB students have been impacted by this security breach. The vendor has taken full responsibility for this breach and is communicating with our students on mitigation measures they can take.”
The CSU has terminated its relationship with We End the Violence, according to Haynes’ email, and students who had not completed the training are no longer barred from graduating.
end articleparagraph1.pbo start articleparagraph1.pbo
According to the email to students, “no social security, driver’s license or credit card information was disclosed,” but students’ names, student identification numbers, student email addresses, mailing addresses, gender, race, ethnicity, relationship status and sexual identities were exposed in the data breach.
“The protection of your personal information is our highest priority,” the draft email from the CSUSB Office of Title IX and Gender Equity reads in part. “As soon as CSUSB learned of the data exposure, the campus worked with CSU IT Security to learn more about the breach and the proper communication protocol to reach impacted students.”
end articleparagraph1.pbo start articleparagraph1.pbo
Among the nine CSU campuses affected were Cal Poly Pomona and Cal State Northridge. All CSU students enrolled during spring 2015 were required to take a sexual assault prevention class by state law.