On April 26, MIT learned that a computer file containing some identifying personal information was inadvertently sent from the office of the vice president for research to an MIT mailing list. The file contained the names and identifying personal information of approximately 800 individuals; about half of those entries included the person's name and Social Security number. About 150 people, primarily members of the MIT community, are on the mailing list that received the information.
As soon as MIT learned that the file had been sent to this mailing list, individuals who received the file were notified that it had been sent inadvertently and should be deleted. In response to this request, nearly all of the recipients reported the file had been deleted and had not been distributed. Measures are being taken to confirm that the same action has been taken by the few remaining recipients.
The Institute also learned about a week ago that PDF copies of 51 applications for the Summer Research Program, which is administered by the dean for graduate students, were inadvertently placed in a location publicly accessible via the Internet for a period of approximately six weeks, ending on May 2. The applications contain certain personal information. Once MIT learned that the copies of the applications could be publicly accessed, all materials were deleted.
Although MIT does not believe that, in either of these cases, personally identifiable information was broadly viewed, all affected individuals have been notified, provided information about how to protect themselves from identity theft, and offered assistance.
Both offices involved have taken immediate steps to prevent a recurrence of this type of situation. In addition, MIT is reviewing potential technology protections and practice changes that could minimize the chance of other inadvertent electronic disclosures of personal information. E-mail questions to infoprotect@mit.edu.
