CU Boulder campus aerial view

Student applicant data security incident

Submitted by stauffeg on

On September 16, 2022, the Office of Information Technology (OIT) was advised by the Office of Admissions that they received a report of student graduate program applicant information in an unsecured online location. OIT identified the source of the content and immediately suspended access to the data. A forensic investigation revealed that applicants to eight graduate programs from 2012-2017 within the College of Engineering and Applied Science’s department of Civil, Environmental, and Architectural Engineering had their application information accidentally publicly exposed. Most of the data that was exposed involved information that is part of the public record, like name, address, and email. A select few applicants did have highly confidential personally identifiable information (PII) exposed. This includes passport numbers and social security numbers provided to CU Boulder as part of transcripts from other institutions.  

On October 13, 2022, the university’s security team completed its review, and is notifying impacted individuals and offering them identity theft resources. Qualifying individuals who may have had PII compromised will be provided credit monitoring, identity monitoring, fraud consultation and identity theft restoration; note that individuals must have established credit in the U.S., have a Social Security number, and have a U.S. residential address to enroll.

If you have additional questions or concerns regarding this matter and the handling of your personal information, please do not hesitate to contact OIT at 303-735-4357 or oithelp@colorado.edu.