More applicants to the University of California than originally thought had private information, including their Social Security numbers, displayed to other applicants because of a glitch on a UC application Web site.
The unintentional release of information on the Web site has raised questions about applicant privacy and the possibility of identity theft, a growing problem in the United States.
Lavonne Luquis, a UC spokeswoman, said the UC sent an additional 183 applicants letters last Monday notifying them that their information had been viewed.
Those notifications came on top of that of 108 students, who were contacted the previous week.
The UC also sent 2,048 applicants letters the previous week saying their personal information may have been viewed by other applicants.
Personal information that may have been displayed in addition to Social Security numbers included the applicant’s name, address, date of birth, phone number, citizenship status and SAT or ACT scores. The information could only be accessed by other UC applicants.
The UC application Web site is maintained by Educational Testing Services.
By state law, the university was required to notify the individuals that may have had personal information accessed.
A recent survey released by the Federal Trade Commission, the government agency that deals with identity theft, showed that 27.3 million Americans have been victims of identity theft in the last five years, including 9.9 million people in the last year alone.
Betsy Broder, an FTC official, said identity theft is a growing crime and “is more widespread and pernicious than previously realized.”
Because of this growing problem, many have called for more stringent controls on personal information released to organizations, companies and universities.
Universities across the country store millions of students’ personal information in large databases that can sometimes have glitches or can be hacked.
“The recent UC foul-up demonstrates the need to take computer security and information sharing processes very seriously,” said Henry Pontell, a UC Irvine professor of criminology, law and society and author of several books and articles on identity theft.
“You can do a lot with someone’s Social Security number. (The numbers) were never meant to be a national identifier, but they have been, and they need to be guarded very carefully,” he said.
Social Security numbers are used for UC applications to help better identify students.
Pontell said personal identity theft has been around for years. But he stressed the need for encryption technology because of the major threat of information theft on large databases, as the potential for harm is far greater than individual identity theft. He also said universities need to be especially careful.
A database at the University of Texas, Austin was hacked into last year, resulting in the exposure of more than 50,000 Social Security numbers to unauthorized individuals.
“Tighter security regulations are needed these days, because there are too many ways information can be misused, stolen or lost. The issue needs to be prioritized on the public agenda because this theft can end up crippling our economy,” Pontell said.
Last year’s identity theft losses to businesses and financial institutions totaled nearly $48 billion and consumer victims reported $5 billion in out-of-pocket expenses, according to the FTC.
“These numbers are the real thing,” said Howard Beales, director of the FTC’s Bureau of Consumer Protection, in a statement. “For several years we have been seeing anecdotal evidence that identity theft is a significant problem that is on the rise. Now we know. It is affecting millions of consumers and costing billions of dollars.”