IDs sent out in e-mail

The Registrar's office mistakenly released student identification numbers, many of them identical to social security numbers, in a computer-glitched e-mail Monday afternoon.\nThe e-mail was sent to 99 students whose summer schedule of classes could not be delivered because of incorrect local addresses.\nRegistrar Roland Coté said that the e-mail itself is a normal response to student address problems.\n"When we learn of a bad address, we contact the student by e-mail and ask them to update through Insite," he said. "However, in this case the ID numbers, some of which are social security numbers and others which are not, of all of the students to who the e-mail was sent were printed within the body of the message."\nIndiana Daily Student staff writer Andy Welfle received the e-mail, which included his social security numbers.\n"At first, I wasn't sure what the numbers were for," Welfle said. "Then I saw mine, and it was kind of surprising. I'm a little angry, but I'm not really sure what I can do about it. I realize it was a mistake, but it was such a big one that I really hope it doesn't happen again. "\nThe glitch occurred because of computer operating system updates at the Registrar's office.\n"We've been in the process of updating our operating systems to Windows 2003 and XP," Coté said. "There is a default setting in the Outlook e-mail program in Windows 2003 that we were not totally aware of. Not only were we not aware of the default setting, but we were also not aware that it would have the effect that it did on our e-mails."\nThe Registrar's office uses a Dynamic Distribution System, which is a massive e-mail distribution system. When a collection of ID numbers is put into the system, the corresponding e-mail addresses are found and the attached message is e-mailed out to those students. \n"Because of the transition to the different operating system, the DDS did not know how to respond to the task," Coté said. "The message was formatted in HTML instead of normally being in plain text. The system did not know what to do with the numbers and, in turn, just added them to the e-mail."\nThe Registrar's office was not aware of the mistake until they received a reply e-mail containing the original text of its e-mail.\n"We discovered the error at about 11 a.m. on Monday when a student responded back," Coté said. "The person who received that e-mail looked at the part of the original one we sent and saw the mistake."\nThe distribution of these numbers alone, without any matching names or information, means it would be difficult to create identity theft problems, said IU Police Department Lt. Jerry Minger. \n"Without a name to associate it with, the chances of using it as a means to get information is small," Minger said. "However, students should always be wary. Everyone should always be conscious of any activity on credit cards or anywhere else that does not look valid."\nStudent IDs are used to login to Insite, and the last four digits are the pin number, unless a student decides to change it. The release of student IDs then could grant access to grades, scheduling information, financial aid and other personal information.\nThe Registrar's office is replying to effected students with an apology letter explaining the problem in some detail.\nCoté said this glitch further reinforces the University's decision to discontinue the use of social security numbers as the primary student identifier and to randomly assign 10-digit numbers as student IDs.\n"The e-mail and that those numbers were there was unfortunate," Coté said. "It just should not have happened."\n-- Contact staff writer Mallory Simon at mgsimon@indiana.edu.