[BreachExchange] Data breach: ASU accidentally reveals email addresses of 4, 000 students

Destry Winant destry at riskbasedsecurity.com
Tue Aug 20 01:42:22 EDT 2019


TEMPE, AZ (3TV/CBS5) -- Arizona State University has notified 4,000
students that their email addresses "were accidentally revealed" in a
large data breach.

ASU told the students on Aug. 16 it happened in late July when a
university office sent bulk emails about renewing health insurance
coverage without masking the identities of the recipients.

Some of the email addresses revealed recipients' names, as well.

This unintended action is considered a data breach under the Health
Insurance Portability and Accountability Act (HIPAA).

"The only items of protected health information (PHI) released were
the students' email addresses. No other PHI was released," stated the

The university was able to limit the release of information by
deleting more than 2,540 of the messages from ASU email inboxes.

More than 1,130 of those emails were unread.

ASU also says that procedures have been "revamped" to bolster
protection of information, including establishing more review and
approval levels for mass email distributions.

The student notification included details on assistance resources
available to all ASU students, faculty, and staff.

More information about the BreachExchange mailing list