Student data exposed in U. Pittsburgh email attachment

In an email notifying students at the University of Pittsburgh Graduate School of Public Health of balances due, an administrator accidentally attached a spreadsheet with financial data not intended for the recipients, a university spokesperson told Edscoop Monday.

The Excel spreadsheet sent to seven students on Sep. 24 contained data regarding student tuition information of 38 students, including the seven recipients.

“No banking or Social Security information was included,” Allison Hydzik, a university spokesperson, said in an email.

Students who received the accidental attachment were instructed to delete the email from user accounts and devices, as well as empty email trash, the Pittsburgh Post-Gazette initially reported. Any further use or distribution of the information contained on the spreadsheet was said to be prohibited by the university.

“The University of Pittsburgh takes the privacy of student information very seriously,” Hydzik said.

The administrator admitted to making a mistake and has since apologized, Hydzik added.

“Pitt Public Health administrators are reportedly working with affected students to connect them with university resources and services to accommodate their needs,” she said.

This is not the first time that the faculty of a university has mistakenly exposed student data through a rogue email attachment. In March, applicants to the University of Chicago Law School had their personal information exposed when a faculty member accidentally sent a mass email with a spreadsheet of academic data accidentally attached.  According to Verizon’s 2019 data breach report, human error accounted for 35 percent of data breaches in the education sector over the last year.