Advertisement

U. Chicago Law School accidentally sends applicant data to new students

A spreadsheet mistakenly sent to 297 new students contains personal and academic information of every applicant to the school's fall master's program.
University of Chicago Law School
University of Chicago Law School (University of Chicago Law School)

Applicants to the University of Chicago Law School had their personal information exposed this month after a senior administrator sent a mass email with the sensitive data unknowingly attached, a university spokeswoman told EdScoop.

An attached spreadsheet included the names, contact information, academic data like GPA and test scores, and admissions decisions — with comments — of every applicant to U. Chicago’s Fall 2019 Master of Laws program. The information was attached to an email sent on March 1 to the 297 students who were admitted into the program. Several discussing the incident in an online forum say it was Richard Badger, the university’s associate dean, who sent the email.

“We have the highest respect for our applicants and their privacy, and deeply regret the error,” said Marielle Sainvilus, U. Chicago’s director of public affairs.

Sainvilus said the university took corrective action as soon as the mistake was discovered. “We notified everyone whose data was included in the spreadsheet to express our apologies and provide information about the data that was disclosed,” she said.

Advertisement

However, some applicants have been critical of the way the university has handled the situation.

According to one user of a Master of Laws discussion page, the school failed to notify those affected by the leak until three days after the incident.

“I was baffled that it took so long for the school to take an action, and that a short single email was all that the school can do,” the user wrote.

Illinois data breach notification law requires schools to notify individuals of a breach once it is known, but does not specify a time frame that this notification must occur within. Rather, it states, “the disclosure notification shall be made in the most expedient time possible and without unreasonable delay.”

Other affected applicants said they were also disappointed with the top-tier law school, pointing out how competitive the legal industry is and how harmful this data leak can potentially be to the future law professionals affected.

Advertisement

Sainvilus said those who received the data were instructed to delete the email and that the university is continuing to follow up with the few recipients who have yet to respond to that request. However, if the data has been downloaded from the email, the university can’t retrieve the information or stop it from being shared.

“We are currently looking into whether additional corrective action may need to be taken, and are examining our practices to try to ensure that this does not happen again,” Sainvilus said.

Betsy Foresman

Written by Betsy Foresman

Betsy Foresman was an education reporter for EdScoop from 2018 through early 2021, where she wrote about the virtues and challenges of innovative technology solutions used in higher education and K-12 spaces. Foresman also covered local government IT for StateScoop, on occasion. Foresman graduated from Texas Christian University in 2018 — go Frogs! — with a BA in journalism and psychology. During her senior year, she worked as an intern at the Center for Strategic and International Studies in Washington, D.C., and moved back to the capital after completing her degree because, like Shrek, she feels most at home in the swamp. Foresman previously worked at Scoop News Group as an editorial fellow.

Latest Podcasts