College of Business and Economics Website Posting Incident

Frequently Asked Questions

  1. What happened?
    On October 8, 2009, it was discovered that a faculty member mistakenly posted personal data on a College of
    Business and Economics Web page. The University immediately removed the information from the site and is
    seeking to notify all individuals who were included.
  2. What information was on the Web page?
    The information included first and last names and Social Security numbers (SSNs) of 82 students enrolled in,
    and 3 faculty members associated with four Department of Information Systems classes. It is believed that
    this personally identifying information has been publicly posted since July 2009.
  3. Which Business and Economics courses were affected?
    CIS 454 (Spring 2002); CIS 528 (Spring 2002); CIS 283 (Spring 2003); and CIS 585 (Spring 2003.
  4. Was information posted only on this one Web page, or was it posted to other Web pages as well?
    The information was posted only on a single faculty member’s site, and it was removed immediately once
    it was discovered.
  5. Why were Social Security, rather than CIN numbers, being used?
    The faculty member’s actions do not follow University guidelines and standard practices. Campus identification
    numbers (CINs) should be used as identifiers.
  6. How did the University discover this?
    The University was made aware of this by a person who viewed the Web page and informed the University. Once made
    aware of this situation, the files were immediately removed by the University on October 8, 2009.
  7. Why was personal information on this Web site?
    The faculty member had formatted this information as a class roster, with SSNs as an identifier. Its posting was
    unauthorized. Campus identification numbers (CINs) should be used as identifiers.
  8. What is the name of the faculty member who did this?
    The University cannot release the names of the faculty member because this is a personnel matter.
    All personnel matters are considered confidential, and therefore, Cal State L.A. cannot comment
    on specific disciplinary actions involving campus employees. However, please know that the University
    is addressing the situation appropriately.
  9. When was personal information posted to this Web site? How long was personal information posted on the faculty Web page?
    The faculty member posted the information July 2, 2009 (from the CIS 454, 528, 283, and 585 courses).
    When the College of Business and Economics was notified of the situation on October 8, 2009, the
    files were immediately removed.
  10. As a result of this incident, what is the College of Business and Economics doing to protect personal information?
    The College of Business and Economics has issued a reminder to all its faculty and staff about usage
    of Social Security numbers and the required encryption of personal information. Every faculty and
    staff member is encouraged to participate in ongoing information security training, which is provided
    on an ongoing basis for all employees of Cal State L.A.
  11. I haven't received an official notification letter or e-mail from Cal State L.A. about this incident, but I want to confirm whether I am impacted. How can I do this?
    The call center for this incident is the toll free number (800) 883-4029. We can check to see if your
    information was affected. A Web site with details about this incident is at the College of Business and Economics Incident Web site.
  12. Will I be getting a call from the University?
    No. The University will not call you about this incident unless it is in direct response to an
    inquiry from an affected individual.

    Please note: Be wary of individuals claiming to be affiliated with the University who may
    contact students, employees, and alumni asking for personal information such as Social Security
    numbers and credit card numbers with PINs. Please be aware that Cal State L.A. will contact only
    persons who are affected by this incident, and provide information and resources to help prevent
    possible fraud or identity theft. The University will not ask for any personal confidential information
    unless it is in response to an inquiry from an affected individual.

  13. Will this incident affect my ability to obtain a job, admission to another educational institution, a graduate program, or to get financial aid?
    This incident should not affect your ability to obtain either a job, admission to another educational
    institution, a graduate program, or financial aid. Nonetheless, we urge you to regularly obtain copies
    of your credit report and report any suspicious activity on your accounts immediately.
  14. I received a notification letter about this incident. Does that mean that someone has misused my personal information?
    There is no way of knowing if anyone actually retrieved or used your personal information. However,
    individuals should consider taking proactive steps to protect themselves from possible fraud and identity theft.
  15. What can I do to protect myself if a thief or thieves obtained my information?
    Visit the State of California Department of Consumer Affairs
    Office of Privacy and Protection
    Web site, for helpful information about protecting your identity.
    You should also consider contacting the credit reporting agencies listed below to complete an automated
    phone-in fraud alert process. When you request a free fraud alert, the agencies will automatically place
    fraud alerts on your accounts listed with them, and will separately mail you a credit report at no cost.
    The Web addresses and telephone numbers, including menu options, are as follows.
  16. Do I need to obtain a credit report from all three agencies, or is querying one sufficient?
    When you place a free fraud alert with one of the credit reporting agencies, that agency is
    supposed to notify the other two agencies. To be on the safe side, it may be a good idea for
    you to contact all three agencies. Fraud alerts will then be placed automatically on your
    accounts, and credit reports from the agencies will be mailed to you at no cost. The Web
    addresses and telephone numbers of the three major credit agencies are below. Please note
    the menu options for placing a fraud alert by phone.
  17. If I see something suspicious on my credit report, Social Security report, or banking statement, whom should I contact to investigate the activity?
    The California Attorney General's Web site has some helpful
    hints on what to do if you suspect fraud or identity theft. The
    State of California Department of Consumer Affairs
    Office of Privacy Protection
    also has various tips regarding identity theft. In addition, you can call your
    local law enforcement agency (e.g., city police department) to file a fraud report.
  18. Will the University pay for my credit report?
    No, but when you place a fraud alert with one of the credit reporting agencies, you will
    receive a free credit report. The California Office of Privacy Protection recommends every
    individual request a copy of his or her credit report on a yearly basis. Each affected
    individual interested in checking their credit report will need to pay the applicable fees,
    as they would every year to protect their information. For more information, see
    the California Office of
    Privacy Protection
    Web site.
  19. Are there negative consequences for placing a fraud alert?
    Fraud alerts are designed to protect potential and actual victims of fraud or identity theft,
    but please note that there may be some inconveniences to placing an alert. According the
    Federal Trade Commission's Web site: When a business sees the alert on your credit report,
    they must verify your identity before issuing you credit. As part of this verification process,
    the business may try to contact you directly. This may cause some delays if you are trying to
    obtain credit. To compensate for possible delays, you may wish to include a cell phone number,
    where you can be reached easily, in your alert. Remember to keep all contact information in your
    alert current.
    What is a Fraud Alert?