Subscribe to News: RSS | email newsletters

Search Duke News

Applicant Names Made Public On Physics Department Server

Friday, March 7, 2008

print | email |



Durham, NC -- Duke University’s physics department has sent alerts to 212 students who applied for admission to graduate studies and were included on a mailing list archive that was publicly accessible on a department server for three weeks.

The archive included the applicants’ names, email addresses and grade point averages, along with limited comments from department members, but did not include information such as Social Security numbers or passwords.

“Duke computer experts have analyzed the situation and determined that the mailing list archive was given the wrong setting -– public instead of private -– when it was created on January 31, 2008,” Daniel J. Gauthier, the department’s chair and a professor of physics and biomedical engineering, wrote in an email message to the students on March 6. “As a result, the archived information was accessible through a Google search from then until February 20. As soon as the department discovered this, it immediately made the archives private and contacted Google to clear its cache of the information, which it has done.”

Gauthier said the department is taking “multiple steps” to prevent the problem from recurring. He called on the applicants to “remain as diligent as usual about monitoring your electronic correspondence and credit information,” and to contact the department with any concerns.

A copy of Gauthier’s message follows below:

---

Dear <Name>,

I’m writing to let you know about a situation discovered by Duke’s Department of Physics that involved the names of you and others who applied to the department for graduate studies. On February 20, 2008, the department learned that the archives of a mailing list created for its admissions committee had inadvertently been made accessible on the Web. Duke computer experts have analyzed the situation and determined that the mailing list archive was given the wrong setting ­ public instead of private ­ when it was created on January 31, 2008. As a result, the archived information was accessible through Google search from then until February 20.  As soon as the department discovered this, it immediately made the archives private and contacted Google to clear its cache of the information, which it has done.

Your name was included on the list, which also included the e-mail addresses and grade point averages of the applicants. Fortunately, the list did not include social security numbers or electronic password information. However, we did want you to be aware this information was briefly made public, and we recommend that you remain as diligent as usual about monitoring your electronic correspondence and credit information.

The security and safety of our community is of utmost importance to us, and Duke University works hard to protect the personal information of prospective students and other community members. We are taking multiple steps to address this exposure of information and prevent it from happening again. All faculty members in the Department of Physics have been instructed to review their electronic accounts to ensure that appropriate privacy settings are enabled.

We sincerely regret that this situation occurred and apologize for any inconvenience it may cause you. If you have any questions or concerns, please do not hesitate to contact the Physics Department by telephone at (919) 660-2502 or by email at chair@phy.duke.edu.

Sincerely,

Daniel J. Gauthier
Chair, Department of Physics
Professor of Physics & Biomedical Engineering
Duke University
Box 90305
Durham, NC 27708

David Jarmul

Associate Vice President, Office of News and Communications

T: (919) 684-2823

Email: david.jarmul@duke.edu

RELATED TOPICS: