Worcester Polytechnic Institute (WPI) recently disclosed a data breach involving personal information after an unintended access issue with one of its software applications. On September 18, 2024, the institution learned that a software share, initially intended for restricted staff access only, had been inadvertently made accessible to a broader group within the WPI community. This error allowed unauthorized individuals within the community to view certain student personal information, including names and Social Security numbers. The breach was discovered when a student found the access discrepancy and promptly reported it to the institution.
Upon learning of the breach, WPI immediately restricted access to the affected software share and launched an internal investigation. The university also engaged third-party specialists to ensure no external connections had occurred during the unauthorized access period. By October 11, 2024, WPI had completed a review of the exposed data, confirming the presence of personally identifiable information. Third-party specialists concluded on October 15, 2024, that no data had been accessed by individuals outside of the WPI community.
In response to the breach, WPI provided written notice of the event to 114 Maine residents whose personal data had been compromised. Affected individuals have been offered credit monitoring services through Experian for one year at no cost, as well as detailed instructions on how to protect against identity theft and fraud. These instructions include steps on placing fraud alerts or credit freezes with national consumer reporting agencies and guidance on obtaining a free credit report. WPI also encouraged impacted individuals to monitor their financial accounts and report any suspicious activity to law enforcement or relevant authorities.
WPI’s swift response to the breach highlights the university’s commitment to transparency and safeguarding the privacy of its community members. The institution’s actions, including the provision of credit monitoring and additional protective measures, demonstrate a proactive approach to mitigating the potential impact of the breach. WPI is also continuing to review its security protocols to prevent future incidents and ensure the protection of sensitive data across its systems.
Reference: