Degree ProgramsOnline LearningGetting StartedFinancial SupportAbout FranklinNews & CommunityAlumni ResourcesCurrent Students
image
Home  > About Franklin  > Campus Information  > Security and Safety > Security Frequently Asked Questions Request Info Apply Now
Mission & Philosophy
Faculty Profiles
Accreditation
Campus Information
Contact Directory
Student Organizations


Frequently Asked Questions

What was the nature of the data compromise?

Certain files containing sensitive student information were stored on a server that could be accessed from the public Internet.

What data was exposed?

Name, Social Security number, trimester and course number, email address and student ID number was exposed.        For example:  “Doe, Jane, 123-45-6789, W08, COMP104;;;;;;N;doej;0123456”

When was the compromise discovered, and how many people were affected?

Mid-December 2007; 6,440

How was the problem fixed?

Franklin University promptly removed the information from the server in order to block any further access. A University response team was convened and third party experts were brought in to investigate the exact nature of the compromise, identify the affected individuals and their contact information, and take necessary steps to provide notification and assistance to affected individuals.  As part of its investigation, the team reviewed all other servers accessible via the public Internet to ensure that no other sensitive information could be accessed.

Was the University hacked?

No, Franklin University was not hacked. The University’s network remains secure. The compromise was an isolated incident caused by human error which resulted in the improper storage of sensitive data.

What is the University doing in response?

The University has arranged for the affected students to receive 12 months of credit monitoring to guard them against harm from misuse of their personal data. Under the Experian Triple Advantage Deluxe Program, they will receive daily monitoring of their consumer credit files; email alerts to key changes within 24 hours; unlimited Experian credit reports; and, identity theft insurance. We have sent letters via U.S. Postal Service to those affected, outlining the steps they will need to take in order to enroll in this program.

If I am on the list does this mean I am the victim of identity theft?

No. The fact that someone may have had access to your information doesn’t mean that you are a victim of identity theft or that they intend to use the information to commit fraud. The University wanted to let you know about the incident so you can take steps to monitor and protect yourself. For information on protecting your identity go to the Federal Trade Commission’s Web site: http://www.ftc.gov/bcp/edu/microsites/idtheft/consumers/deter-detect-defend.html.

Will Franklin University contact me to ask for personal information because of this event?

No, Franklin University will not do this.  In similar circumstances at other institutions, people have reportedly been contacted by individuals fraudulently claiming to represent the university and asking for personal information.

How does the University ensure that my data is secure?

The University has measures in place to protect sensitive data and to control the handling and protection of sensitive information. An outside consulting firm was engaged to assess the scope of the compromise and to review and recommend how to reduce the risk of future incidents of this nature.

 

Why was I not notified immediately after it was discovered that my information had been compromised?

Once the compromise was discovered, the University began a thorough examination of all of its servers in order to identify all persons who may have been affected by the compromise. This required the assistance of a third party expert.  We also evaluated the various credit monitoring programs available in order to be able to offer valuable assistance to students affected by the compromise.  Finally, we reviewed applicable state laws related to the unintentional disclosure of sensitive data to ensure that our notice was compliant. We then began the necessary steps to notify people whose data was accessible and to offer them credit monitoring.

Why did you notify me via U.S. Postal Service rather than email?

There are several reasons for this decision. First, Ohio law requires us to notify affected individuals via the method most commonly used by us to communicate with our students and graduates. Second, many people have been instructed to disregard email messages regarding personal financial matters, such as information that might come from a bank or credit card company. Because of this, the University was concerned that an email notification might be viewed as spam and disregarded. Finally, we believe we have a more accurate record of students’ U.S. mail addresses than students’ email addresses.  Thus, we are confident we will reach more of the affected individuals this way.

I didn’t receive a notification letter. How can I be sure my data wasn’t affected?

You can call us at 1-877-212-2211. You will be asked to provide us with your first and last name from which we should be able to determine whether your sensitive data was accessible to the public Internet. If additional information is required to distinguish you from others with the same name, you will only be asked to provide the last four digits of your Social Security number.

What should I look for in my credit report?

We suggest you follow the guidance provided on the Federal Trade Commission’s Web site: http://www.ftc.gov/bcp/edu/microsites/idtheft/consumers/deter-detect-defend.html.

What if there’s a problem on my credit report?

If you find anything that looks wrong or suspicious or that you don’t understand, call the credit agency at the telephone number listed on your credit report and review the report with a member of the staff. Further information on what to do is available on the Federal Trade Commission’s Web site: http://www.consumer.gov/idtheft/.

What do I do if I am a victim of identity theft?

You should immediately report the crime to your local law enforcement agency, contact any creditors involved and notify the credit bureaus. For residents of Ohio detailed information is available on the Ohio Attorney General’s identity theft Web site, http://www.ag.state.oh.us/victim/idtheft/index.asp. We also recommend following the guidance provided on the Federal Trade Commission’s Web site: http://www.consumer.gov/idtheft/.

I received a notification letter. How do I sign up for the free credit protection?

Follow the written directions that accompanied your letter and use the special promotion code that was assigned to you. If you cannot find your letter or you have difficulty getting enrolled then please call us at 1-877-212-2211.

I did not receive a notification letter. Is there anything I can do to protect my credit?

Yes, we recommend you go to the Federal Trade Commission’s Web site: http://www.ftc.gov/bcp/edu/microsites/idtheft/consumers/deter-detect-defend.html.



Apply NowLeadership CenterContact UsCareers at FranklinSite Map  Privacy Statement    ©2008 Franklin University