Oh, those hidden fields in Excel spreadsheets: Columbia University Medical Center notifies students of breach

It seems that Columbia University Medical Center inadvertently exposed  the Social Security numbers of 138 medical students from the graduating class of 2013 in an Excel spreadsheet sent to faculty, students, and staff.

CUMC became aware of the breach on March 15.  The breach occurred because the Excel spreadsheet with residency match lists for the graduating students  included a hidden field that contained SSN.

IT detected the problem shortly after the email was sent, deleted the email from the server, and immediately attempted to control further dissemination of the email and spreadsheet. Those affected were notified promptly. The university had no reports of any misuse of the information, but offered affected students free credit monitoring and restoration services anyway.

In the process of investigating the incident, CUMC discovered that this problem had actually occurred twice before. The Excel spreadsheets with residency match lists for 120 medical students in the class of 2008 and 149 medical students in the class of 2009 also contained the hidden fields with SSN.

 

 

About the author: Dissent