Security breach affects employees, family members
March 12, 2018
A data security breach resulted in the disclosure of the names and Social Security numbers of Columbia employees and their family members on IRIS, the college’s internal website.
The college learned Feb. 15 that SharePoint, the search portal application used to apply for the Tuition Exchange Program, a college employee benefit, displayed the personal information, according to a March 2 email sent out to those affected by Senior Vice President of Business Affairs and CFO Jerry Tarrer.
Communications Academic Manager Craig Sigele, who is also an adjunct professor in the Communication Department and president of the United Staff of Columbia College, said he learned from Human Resources that 46 employees were affected by the data breach.
“I am concerned that there was a data breach after everyone has started to use SharePoint,” Sigele said. “I’m disconcerted and I’m disappointed that [Human Resources] did not contact the union as union staff members were affected by this, which could impact them greatly.”
Once the breach was discovered, Columbia’s Information Technology Department immediately took steps to secure the information and changed the application so that personal information could no longer be displayed on the program, Vice President of Strategic Communications and External Relations Mark Rosati said in a March 6 emailed statement sent to The Chronicle.
“The college takes the security of personal information seriously and regrets the incident. The college sent letters to everyone whose data may have been displayed on the internal site,” Rosati said in the email. “While there is no evidence of misuse of the information, as a precaution the college is offering LifeLock identity protection, including credit alerts and other safeguards, at no cost for 12 months.”
Former Security Engineer Jeffrey Champion said communication, awareness and tightening access to the employees’ programs are the safest methods to secure data from breaches.
Champion advised that the passwords for the websites should be changed daily.
Champion also said he was happy to hear of the protection Columbia was offering the employees and the family members that were affected by the breach.
LifeLock would protect the identities of the employees as well as the family members affected by the security breach, according to the letter from Tarrer.
“The reason we went to SharePoint in the first place was supposed to be for more protection against breaches,” Sigele said. “I had assumed we were protected more from data breaches and from security access to documents so now it makes me wonder if we really are more secure.”