IMPORTANT NOTICE OF POTENTIAL ACCESS TO PRIVATE DATA
October 6, 2016
St. Cloud State University has learned of unauthorized access to the Office of Clinical Experience database containing field experience and student teaching placement data. The incident has been resolved, and no action is required on your part.
Data entered in the School of Education’s Office of Clinical Experience database application at St. Cloud State may have been viewed by unauthorized SCSU students or staff. In August 2016, the University confirmed that at least one student accessed the OCE placement database, using an administrator button that was mistakenly visible to all users.
St. Cloud State investigated the incident and determined that between April 11 and April 26, 2016, an administrator button was visible to anyone viewing data stored in the OCE placement database. Access was restricted to persons with SCSU Huskynet credentials (so persons outside of the University could not and did not gain access). However, during that two week window any user who clicked on the administrator button could view private data on all students in the database. As soon as we learned of this, staff restored the settings that limited administrator access to users with administrator credentials.
Unfortunately, the database does not log sufficient information to allow St. Cloud State to determine which students’ or faculty information was viewed. We therefore cannot say for certain if your information was viewed, or by whom. SCSU is aware that at least one student viewed placement data about other students using this method, and that instructions for how to view other students’ data was shared on a social media site. Private data that was potentially viewable in this database includes:
- Student Name
- Student Tech ID & Star ID
- Student Focus Area
- Student Last Term Working with OCE
- Student residential address
- Student email address
- Location of Student Field Experience Placement
- Names of Supervisors for Student Teaching
- Names of Cooperating Teachers
- University Supervisor Name
- University Supervisor Address
- University Supervisor Phone Number
- University Supervisor Email Address
- University Supervisor program
- University supervisor status (active/inactive)
Financial data, social security numbers and passwords are not stored in this database and were not accessed as part of this incident. No data was modified during this time period. The security of this database has been restored and this breach does not create risk for any other SCSU databases or systems.
Following St. Cloud State’s investigation of the above incident, a written report will be prepared, as is required by Minn. Stat. 13.055, subd. 2(b) that will include: (1) a description of the type of data that were accessed or acquired; (2) the number of individuals whose data was improperly accessed or acquired; (3) if there has been final disposition of disciplinary action, the name of each employee determined to be responsible for the unauthorized access or acquisition; and (4) the final disposition of any disciplinary action taken against each employee in response.
St. Cloud State University regrets this incident and any inconvenience it may cause. If you have further questions related to this incident, please contact Judith Siminoe, special advisor the the president, at email@example.com or (320) 308-2122 to request a copy of this report by mail or email.