Suffolk Community College has agreed to pay a company for the next year to monitor the credit of 300 students whose last names and Social Security numbers were mistakenly listed in an attachment to an e-mail sent to those students last month.
Mary Lou Araneo, college vice president, said Sunday there is "no indication" that any of the personal information has been misused, but added that the college decided "it was the right step to take the extra precaution" to minimize students' risk of identity theft.
The error, said Araneo, occurred late in the day Sept. 17 and was discovered the next morning. She said college officials immediately shut down the server and took steps to retrieve unopened messages and attachments. She could not say how much of the personal information was recovered or whether anyone was disciplined for the security breach.
Araneo declined to comment on whether the college would be liable if student's information was misused, saying such circumstances are "conjecture" at this point.
The same day the college learned of the problem, Araneo said school officials mailed a letter to inform students of the problem and alert them to immediate steps they could take to protect their personal data, including registering an alert with the three companies that monitor credit information.
Within a week, Araneo said the college sent a second letter, giving students directions on how to get the free credit monitoring service from Trans Union Llc for the next year. Araneo could not say how much the service will cost the college and TransUnion officials did not return calls for comment Sunday.
In 2006, the Social Security numbers and birthdays of 3,900 college employees and former workers were made publicly accessible for two days on an Internet server. But school officials say the information was protected before it could be pilfered.
Later in 2006, a school security guard was arrested on identify theft charges for using the personal student and faculty information to make credit card purchases.