Georgia Tech mistakenly releases data about nearly 8,000 students

Atlanta: Georgia Tech students walk the stairs leading to the Tech Walkway on the first day of school on Monday, Aug. 21, 2017. JOHN SPINK/JSPINK@AJC.COM

Atlanta: Georgia Tech students walk the stairs leading to the Tech Walkway on the first day of school on Monday, Aug. 21, 2017. JOHN SPINK/JSPINK@AJC.COM

Many Georgia Tech students are furious after the university mistakenly emailed personal information of nearly 8,000 College of Computing students to fellow students.

The information included student identification numbers, telephone numbers, dates of birth, addresses, grade-point averages and nations of origins for students born outside the United States. Social security numbers were not included in the data leak, Tech officials said.

Tech officials said College of Computing staff were building a list of students to invite to a conference and inadvertently attached the list of students identified to receive the message. The incident took place July 16. The staffers initially tried to recall the message. Tech administrators emailed the students whose information was in the spreadsheet to and asked students who received the spreadsheet to delete the message.

U.S. Department of Education and University System of Georgia officials have been alerted, Tech officials said. About 30,000 students attend Georgia Tech.

Students said in interviews Thursday with The Atlanta Journal-Constitution they were surprised, angered and frustrated by the disclosure of such sensitive data, particularly because of the school’s reputation as one of the most technologically-advanced higher learning institutions in the world. Many were particularly upset by the sharing of their identification numbers, which could be used to unlock other information about them, and their grade-point averages, a point of concern at one of the most academically-competitive schools in the nation.

“I was surprised they were that negligent,” said Austin Adams, 21, a rising senior.

Tech said in a list of “frequently asked questions” sent to students about the disclosure that they have revoked access of student data to the workers involved pending its investigation.

"Clearly, additional (Family Educational Rights and Privacy Act)training will be done, but actions must be and will be taken to go beyond a review of policy," Tech said in the FAQ.

That’s not good enough, several students said.

Daniel Fridkin, 19, who’ll be a second-year student this fall, asked why Tech had such detailed information in a spreadsheet. He said such data should have been in a access-protected server.

“The problem is not a human problem,” Fridkin said. “It’s an infrastructure problem.”

Fridkin also criticized Tech for saying it won’t change student identification numbers because it is a “complex process and could create other problems.” Fridkin said Tech should be able to warehouse such student data multiple ways and said Tech’s response shows how “archaic it is.”

Data breaches and disclosures are becoming commonplace, from a discovery earlier this year that a SunTrust employee wrongly accessed basic information about 1.5 million customers to multiple data breaches of millions of Georgia voters in recent years.

Third-year student Vivek Rajasekar, 20, wants leadership changes at Tech, saying the disclosure “represents nothing short of gross negligence, if not gross incompetence.”

Some students said this is not the first data disclosure. Tech officials were unable Thursday to answer questions about prior disclosures or the information shared in the emails has been used to access to harm students.

Adams summed up the thoughts of many Tech students.

“I just want them to be more careful,” he said.