1. What happened?
A: On March 2, 2015, Auburn University became aware of a data security incident involving the inadvertent exposure of the personal information of some current, former, and prospective students, including applicants who never enrolled or attended the university. The University corrected this internal issue the day it was discovered and retained independent IT forensics experts to help identify the full extent of the data involved, as well as the individuals who may have been affected. While our investigation is ongoing, we have determined that files containing the personally identifiable information of certain current, former, and prospective students were inadvertently accessible through the Internet between September 2014 and March 2, 2015. Although we are unaware of any attempted or actual misuse of any personal information as a result of this incident, we have taken action to directly notify and provide support to all those whose information may have been exposed.
2. What type of personal information was accessible?
A: The information varied depending on each individual, but was some combination of name, address, date of birth, Social Security number, email address, and academic information. No financial information, bank account or payment card information was involved.
3. Why does Auburn have my Social Security Number if I never attended or applied to the university?
A: Auburn, like many universities, obtains prospective student information from a variety of sources. In the past, some of those sources, such as the ACT prior to September 2007, included Social Security Numbers along with other personal information.
4. How many individuals are affected by this incident?
A: Based on the results of our investigation to-date, approximately 364,012 individuals may have been affected.
5. How do I know if I am affected by this incident?
A: All affected individuals will receive a written notice in the mail that will include information about the incident and the resources and services available to you.
6. What is Auburn University doing to protect affected individuals?
A: Upon learning of this incident, Auburn University immediately secured our system and launched an investigation to identify the full scope of data and individuals potentially affected. Once the individuals were confirmed, Auburn University promptly sent out notice of this incident and contracted with Experian, the world’s largest credit bureau, to offer every affected individual two free years of identity credit monitoring and identity protection services, as well as lifetime access to fraud resolution services.
7. Where can I receive more information about this incident?
A confidential assistance line is available at 877-237-7191. Please use reference number 655-703-2515 when calling.
Last Updated: Apr. 10, 2015