NORMAN, OK (KWTV)- The U.S. Department of Education has contacted the University of Oklahoma about a lapse in cyber security within the university's internal system—a possible precursor to a federal investigation into whether OU broke a set of federal laws.
"The U.S. Department of Education takes allegations of privacy and data security violations very seriously," Liz Hill, press secretary at the U.S. Department of Education said. "The office of Federal Student Aid has contacted the university to further assess the institution's compliance with its data security safeguard requirements according to the Gramm-Leach-Bliley Act (GLBA). FSA also is reviewing the institution's obligation to immediately self-report any suspected or actual breach of the confidentiality, integrity, or availability of data."
OU's internal file sharing system, the Microsoft Office 360 program "Delve," disclosed personal information, including financial aid and visa statuses, grades and social security numbers of nearly 30,000 students dating back to 2002.
"Some sensitive files were inadvertently made accessible to OU account holders due to a misunderstanding of privacy settings," OU's Vice President for Enrollment and Student Financial Services, Matt Hamilton said. "No unauthorized party accessed any of the files…"
Student personal information is protected under the federal Family Educational Rights and Privacy Act (FERPA) as well as the GLBA. A breach in those laws could result in loss of certain kinds federal funding for OU.
"We have not sent out an email. Rather, we issued a public statement explaining that the situation had been resolved," OU Senior Associate Vice President for Public Affairs, Rowdy Gilbert said in an email. So far, the school has not notified students via an internal message.