The Daily Orange's December Giving Tuesday. Help the Daily Orange reach our goal of $25,000 this December


On Campus

Here’s what to do if Syracuse University exposed your data

Emily Steinberger | Photo Editor

The breach occurred Sept. 25, when someone gained unauthorized access to an employee's email account.

The Daily Orange is a nonprofit newsroom that receives no funding from Syracuse University. Consider donating today to support our mission.

The nearly 10,000 Syracuse University students, alumni and applicants who had their personal information compromised in a data breach can take additional measures to safeguard their privacy.

The breach occurred Sept. 25, when someone gained unauthorized access to an employee’s email account. The university, with the help of an outside firm, determined in early January that the names and social security numbers of about 9,800 people within the SU community had been exposed. 

The university sent letters to those whose information was exposed on Feb. 4.

Here’s what to do if your data has been compromised and how to protect your information going forward:



What should those impacted do?

SU is offering those whose information was compromised free, temporary access to identity theft and credit-monitoring services through Experian, a consumer credit reporting company. Accepting this offer is one way that impacted individuals can protect their data, said Lee McKnight, an associate professor in SU’s School of Information Studies who specializes in information policy and data security.

Those exposed in the breach should also pay close attention to their individual billing records, including credit card bills and bank accounts, McKnight said. 

Experian will alert users if their data is being misused, but students should be attentive to anything that’s out of the ordinary on their personal accounts. 

If someone were to attempt to sell personal records, they would have already started, McKnight said.

“If you see anything, instead of saying ‘I assume that’s okay,’ for the next 90 days at least, I say you better pay a little more attention,” he said. 

Students can attend a virtual information session discussing data privacy, security and rights, held as part of the Racial Equity Academic Symposium, on Monday from 2:30 p.m. to 4 p.m., McKnight said. 


More stories on SU data breach:


“This is a specific issue right now and a specific threat, but for all students at all times, we’re going to be facing these kinds of challenges,” McKnight said. “We use this as a bit of a teachable moment.” 

How can we protect our own individual data?

With the increase in online activity amid the coronavirus pandemic, cyber crime has been on the rise, McKnight said. 

It’s important to exercise caution online, he said. The data breach at SU occurred after an employee clicked on a link in an email and provided sign-in information that allowed someone to access the account. 

SU students should watch out for similar phishing attacks in their emails, McKnight said. While a student falling victim to such an attack wouldn’t affect the entire university, it could allow an outsider access to the information of their friends or those close to them. 

“We all have an obligation to each other to practice what’s called ‘good cyber hygiene,’ which means being aware and being a little suspicious,” McKnight said. “I think in general, Syracuse University students are pretty sophisticated and aware to look out for these kinds of phishing emails.” 

What should SU do to protect student data?

Unfortunately, students can’t control how the university chooses to protect their data, McKnight said. 

“For all students, it’s reasonable to ask that your personal information is maintained at least to standard practice,” he said. 

The university did not have multi-factor authentication, which is essential to protecting data in today’s world, in place for all employees prior to the breach, McKnight said. The security measures would have reduced the chances of a breach at SU had they been in place, he said. 

“I think we should all collectively, faculty and students, recognize that the university needs to do better to protect student records,” McKnight said. “A little bit more prevention would help protect everyone — students, faculty and the university.”

Support independent local journalism. Support our nonprofit newsroom.





Top Stories