After data breach, Syracuse University’s silence is glaring
Photo illustration by Emily Steinberger | Photo Editor
The Daily Orange is a nonprofit newsroom that receives no funding from Syracuse University. Consider donating today to support our mission.
The names and Social Security numbers of nearly 10,000 Syracuse University students, alumni and applicants have been compromised. But SU still hasn’t published any campus-wide communication acknowledging that it even happened.
It took about a month for the university to inform people that their accounts had been affected by the breach, which occurred after an unauthorized party gained access to an employee’s email. SU never sent an email to the student body or published an SU News release to proactively notify the entire campus of this security threat. We’re disappointed, but we’re not surprised.
This isn’t the first time SU has failed to honestly and transparently communicate with concerned members of its community.
After racist graffiti targeting Black and Asian people was found in Day Hall in November 2019, SU failed to inform the student body for several days. A university official went as far as to tell Day Hall residents not to share details of the incident. SU’s delayed communication sparked the formation of #NotAgainSU, a movement led by Black students that twice occupied university buildings to demand accountability and transparency from SU.
Instead of prioritizing its stakeholders’ safety, SU administrators did what they always do: kept their mouths shut and hoped no one found out.
The entire SU community was not impacted by the breach, but that’s not a sufficient reason for keeping the whole campus in the dark. When you compare the nearly 10,000 people affected to the 14,000 undergraduate students who attended SU in the fall, it’s obvious that the security threat was extensive enough to necessitate transparent and immediate communication from the university.
It’s standard practice for private companies to inform users and customers of security breaches. Equifax did in 2017. eBay did in 2014. Yahoo did in 2017. SU, a private university, has mailed letters only to those directly impacted, neglecting to inform the broader campus community of possible exposure or provide peace of mind that our accounts remain secure.
People need to immediately know if their accounts are breached so they can take action against it, especially if SU hasn’t rectified the issue any more than providing free, short-term memberships with a consumer credit reporting agency.
In 2021, SU should have used a faster, more efficient method than snail mail for notifying those affected by data breaches. It’s unacceptable that an immediate press release wasn’t SU’s first reaction to a potentially dangerous security threat. Instead, they sent out a paper letter that some people thought was fake.
The time has long passed for SU to publicly detail actions it’s taking on a breach of such personal information. Now we are left to call on the university to do what it can. Even if it’s a month after the fact.
The university needs to implement new policies, ones that do more than just provide temporary identity protection support and actually address the long-term repercussions of this breach.
The vague communication — and in this case, the lack of communication — from the university needs to change. When nearly 10,000 Social Security numbers are on the line, we need to hear from university leaders immediately instead of waiting for a letter in the mail. As students who may have had our data breached, we are not asking. We are demanding.
SU’s failure to transparently communicate about this security threat is embarrassing. It’s time for a university that has one of the top public communications schools in the nation to do a better job of communicating.
The Daily Orange Editorial Board serves as the voice of the organization and aims to contribute the perspectives of students to discussions that concern Syracuse University and the greater Syracuse community. The editorial board’s stances are determined by a majority of its members. You can read more about the editorial board here. Are you interested in pitching a topic for the editorial board to discuss? Email opinion@dailyorange.com.
Published on February 11, 2021 at 1:22 am
Contact: opinion@dailyorange.com