Some Scripps College students received a letter in early July from President Lori Bettison-Varga stating that an unauthorized individual outside of the college might have received access to students’ personal information, including name, birthdate and Social Security number.
“To be clear about it, it wasn’t that SSN were shared, it was that they may have been seen by the unauthorized person,” Bettison-Varga said. “It wasn’t an intentional breach or sharing, it was an employee who is no longer at the college, a former employee, who had been seeking help from a financial aid professional. In the course of that help, student Social Security Numbers could have been seen.”
Staff and faculty were informed in an e-mail July 13 that the letter had been sent to affected students. The college set up a call center that students could contact with questions.
“If people called in and had specific questions or needed specific help if they were concerned in particular about any of their information,” wrote Marylou Ferry, Vice President for Communication and Marketing, in an email to TSL. “Those were handled on an individual basis.”
Additionally, a copy of the letter was sent to the Attorney General’s office of each state where affected students reside. It is required by law to notify the Attorney General when personal information has potentially been disclosed to unauthorized persons, Ferry wrote.
The general student population was not notified about the information conveyed in the letter.
“The people that were impacted were the people that we felt needed to be notified of the potential that someone else saw some financial aid information,” said Victoria Romero, Vice President for Enrollment.
Ferry and Romero declined to comment on personnel issues regarding the former college employee who had sought assistance outside of the college to evaluate and prepare financial aid packages. Bettison-Varga said that protocol in the Office of Financial Aid will remain the same, despite this incident.
“We follow all of the laws, the policies,” she said. “Our employees sign a business code of ethics. We have password protected files and databases that very few people have access to.”
She added, “We cannot, of course, control any one individual person’s response. We trust our employees. I can say that we follow all of the guidelines for keeping personal identification information private.”
The college has not provided any additional information that was not conveyed in the letter, leaving some affected students frustrated. After learning from her parents that she had received one of the letters, Kari Geiger SC ’13, who was working on campus during the summer, approached the Office of Financial Aid for more details.
“I immediately walked over to financial aid because I was really angry and everyone didn’t really know what to do with me,” Geiger said. “It was frustrating because I had to keep walking around and nobody had any specific, reassuring answers for me.”
Shortly before the letters were mailed, Bettison-Varga sent an e-mail to the Scripps community stating that the college had misreported average cumulative loan debt statistics.
According to Bettison-Varga, the “Social Security Number situation was separate” from the incident of loan misreporting. The college has provided more information about the misreporting of loan statistics than about the possible information leak.
In her e-mail, which went out June 28, Bettison-Varga said that the college had underreported “average cumulative loan debt for graduating students for approximately 10 years.”
The data accounted for subsidized federal loan debt, instead of a comprehensive number accounting for federal, private and institutional debt incurred.
“As soon as we realized that, we tried to act quickly to be transparent and let people know that we were going to do the work to correct the numbers and to report accurately in the future,” Bettison-Varga said.
Independent accounting firm Grant Thornton is currently conducting a forensic audit review that the college hopes will be complete by Novemeber, Romero said. Parts of the report will be released.
Scripps voluntarily reports this data to the Common Data Set (CDS), which then uses the information in higher education publications. According to Ferry, after the misreporting was discovered, the college contacted publications that had used the incorrect figures in calculating best value rankings.
Bettison-Varga said that the college is working to prevent misreporting in the future.
“We are going through and establishing very clear guidelines for reporting data to these different surveys,” she said.