Application security, Breach, Data Security

DePaul University group email exposes employees’ info

January 9, 2019

A group email recently sent by DePaul University reportedly exposed the names and email addresses of 656 employees who had completed the school's wellness program.

According to Crain's Chicago Business, the Chicago-based private university sent congratulatory emails to faculty members last Dec. 14, but neglected to use the "blind copy" feature. Consequently, recipients' names and email addresses were visible to each other.

"This is information we simply did not intend to share, and as a result we would kindly request that you delete the email," DePaul University reportedly told affected individuals in a notification email." Going forward, we will be taking steps to prevent any recurrence, including automating future emails on this subject. In the meantime, given the very limited content in the email, we have no reason to believe that the information shared creates any risk of identity theft or other harm and therefore do not believe you need to take any further steps at this time."

Crain's also noted that DePaul reported the incident to the U.S. Department of Health & Human Services.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.