College of Business and Economics Website Posting Incident

Frequently Asked Questions

  1. What happened?
    On October 8, 2009, it was discovered that a faculty member mistakenly posted personal data on a College of Business and Economics Web page. The University immediately removed the information from the site and is seeking to notify all individuals who were included.

  2. What information was on the Web page?
    The information included first and last names and Social Security numbers (SSNs) of 82 students enrolled in, and 3 faculty members associated with four Department of Information Systems classes. It is believed that this personally identifying information has been publicly posted since July 2009.

  3. Which Business and Economics courses were affected?
    CIS 454 (Spring 2002); CIS 528 (Spring 2002); CIS 283 (Spring 2003); and CIS 585 (Spring 2003.

  4. Was information posted only on this one Web page, or was it posted to other Web pages as well?
    The information was posted only on a single faculty member’s site, and it was removed immediately once it was discovered.

  5. Why were Social Security, rather than CIN numbers, being used?
    The faculty member’s actions do not follow University guidelines and standard practices. Campus identification numbers (CINs) should be used as identifiers.

  6. How did the University discover this?
    The University was made aware of this by a person who viewed the Web page and informed the University. Once made aware of this situation, the files were immediately removed by the University on October 8, 2009.

  7. Why was personal information on this Web site?
    The faculty member had formatted this information as a class roster, with SSNs as an identifier. Its posting was unauthorized. Campus identification numbers (CINs) should be used as identifiers.

  8. What is the name of the faculty member who did this?
    The University cannot release the names of the faculty member because this is a personnel matter. All personnel matters are considered confidential, and therefore, Cal State L.A. cannot comment on specific disciplinary actions involving campus employees. However, please know that the University is addressing the situation appropriately.

  9. When was personal information posted to this Web site? How long was personal information posted on the faculty Web page?
    The faculty member posted the information July 2, 2009 (from the CIS 454, 528, 283, and 585 courses). When the College of Business and Economics was notified of the situation on October 8, 2009, the files were immediately removed.

  10. As a result of this incident, what is the College of Business and Economics doing to protect personal information?
    The College of Business and Economics has issued a reminder to all its faculty and staff about usage of Social Security numbers and the required encryption of personal information. Every faculty and staff member is encouraged to participate in ongoing information security training, which is provided on an ongoing basis for all employees of Cal State L.A.

  11. I haven't received an official notification letter or e-mail from Cal State L.A. about this incident, but I want to confirm whether I am impacted. How can I do this?
    The call center for this incident is the toll free number (800) 883-4029. We can check to see if your information was affected. A Web site with details about this incident is at the College of Business and Economics Incident Web site.

  12. Will I be getting a call from the University?
    No. The University will not call you about this incident unless it is in direct response to an inquiry from an affected individual.

    Please note: Be wary of individuals claiming to be affiliated with the University who may contact students, employees, and alumni asking for personal information such as Social Security numbers and credit card numbers with PINs. Please be aware that Cal State L.A. will contact only persons who are affected by this incident, and provide information and resources to help prevent possible fraud or identity theft. The University will not ask for any personal confidential information unless it is in response to an inquiry from an affected individual.

  13. Will this incident affect my ability to obtain a job, admission to another educational institution, a graduate program, or to get financial aid?
    This incident should not affect your ability to obtain either a job, admission to another educational institution, a graduate program, or financial aid. Nonetheless, we urge you to regularly obtain copies of your credit report and report any suspicious activity on your accounts immediately.

  14. I received a notification letter about this incident. Does that mean that someone has misused my personal information?
    There is no way of knowing if anyone actually retrieved or used your personal information. However, individuals should consider taking proactive steps to protect themselves from possible fraud and identity theft.

  15. What can I do to protect myself if a thief or thieves obtained my information?
    Visit the State of California Department of Consumer Affairs Office of Privacy and Protection Web site, for helpful information about protecting your identity. You should also consider contacting the credit reporting agencies listed below to complete an automated phone-in fraud alert process. When you request a free fraud alert, the agencies will automatically place fraud alerts on your accounts listed with them, and will separately mail you a credit report at no cost. The Web addresses and telephone numbers, including menu options, are as follows.

    • Equifax http://www.equifax.com
      (800) 525-6285 [select menu option 1]


    • Experian http://www.experian.com
      (888) 397-3742 [select menu option 2 ► 1 to hear recording of rights, or 2 to skip recording ► 3 ► 2]


    • TransUnion http://www.transunion.com
      (800) 680-7289 [select menu option 9]



  16. Do I need to obtain a credit report from all three agencies, or is querying one sufficient?
    When you place a free fraud alert with one of the credit reporting agencies, that agency is supposed to notify the other two agencies. To be on the safe side, it may be a good idea for you to contact all three agencies. Fraud alerts will then be placed automatically on your accounts, and credit reports from the agencies will be mailed to you at no cost. The Web addresses and telephone numbers of the three major credit agencies are below. Please note the menu options for placing a fraud alert by phone.

    • Equifax http://www.equifax.com
      (800) 525-6285 [select menu option 1]


    • Experian http://www.experian.com
      (888) 397-3742 [select menu option 2 ► 1 to hear recording of rights, or 2 to skip recording ► 3 ► 2]


    • TransUnion http://www.transunion.com
      (800) 680-7289 [select menu option 9]

  17. If I see something suspicious on my credit report, Social Security report, or banking statement, whom should I contact to investigate the activity?
    The California Attorney General's Web site has some helpful hints on what to do if you suspect fraud or identity theft. The State of California Department of Consumer Affairs Office of Privacy Protection also has various tips regarding identity theft. In addition, you can call your local law enforcement agency (e.g., city police department) to file a fraud report.

  18. Will the University pay for my credit report?
    No, but when you place a fraud alert with one of the credit reporting agencies, you will receive a free credit report. The California Office of Privacy Protection recommends every individual request a copy of his or her credit report on a yearly basis. Each affected individual interested in checking their credit report will need to pay the applicable fees, as they would every year to protect their information. For more information, see the California Office of Privacy Protection Web site.

  19. Are there negative consequences for placing a fraud alert?
    Fraud alerts are designed to protect potential and actual victims of fraud or identity theft, but please note that there may be some inconveniences to placing an alert. According the Federal Trade Commission's Web site: When a business sees the alert on your credit report, they must verify your identity before issuing you credit. As part of this verification process, the business may try to contact you directly. This may cause some delays if you are trying to obtain credit. To compensate for possible delays, you may wish to include a cell phone number, where you can be reached easily, in your alert. Remember to keep all contact information in your alert current. What is a Fraud Alert?