Some UW Oshkosh students received an email from Interim Vice Chancellor Brandon Miller about a data exposure due to a glitch related to Gmail and were recommended to change their passwords.
UWO Chief Information Officer Anne Milkovich said the glitch in the system happened by a Google mail-merge add-on product, which was able to send a spreadsheet of data instead of pulling data for a personalized message.
“We have used this product for some time without incident, and we have not been able to replicate the glitch,” Milkovich said. “We will discontinue use of that add-on product until Google confirms it has corrected the glitch.”
Milkovich said there was no information released in the glitch that would be able to cause identity theft.
“As a precaution, we advised the impacted students to change their passwords to protect their accounts, which should be done on a regular basis anyway,” Milkovich said.
This data exposure comes after a phishing scam of D2L over winter break. Milkovich said some of these phishing scams and other technology issues are not always preventable.
“The IT department manages prevention where possible and responds to incidents out of our control,” Milkovich said. “We also work to increase people awareness and ability to self-protect.”
UWO junior Austin Krusen said he is concerned about the University’s recent data exposure and phishing scam.
“I received an email saying to change my password for financial aid and that kind of concerned me,” Krusen said. “I went in and immediately changed everything.”
Krusen said although this glitch did affect him personally, he still trusts the University with informational technology security safety.
“It doesn’t really scare me,” Krusen said. “It was nice that they let everyone know that this happened though.”
UWO junior Dani Parker said she trusts the University with informational technology security as well.
“I still have a decent amount of trust,” Parker said. “This is the first I am hearing that this happened. I would just like the University to let students know when things like this happen, even if it doesn’t happen to them directly.”
Milkovich said the University could have not taken any precautions with the unforeseen glitch.
“With technology having occasional vulnerabilities, we always advise students, faculty and staff to change their passwords regularly, at least every semester, and to not use the same password for school accounts as they might use elsewhere,” Milkovich said.
Moving forward, Milkovich said UWO will offer training and hopes to start policies that will help data exposures like this from happening again.
“We are implementing university-wide information security training to help with that,” Milkovich said. “It will be required for employees and optional for students. We will also be implementing a policy to require regular password resets, decreasing the incident risks significantly.”
