STLCC students are exposed to data breach

By Joshua Phelps
The Scene staff

St. Louis Community College mistakenly emailed personal information on nearly 4,000 students to Bayless School District in south St. Louis County.

Savala
Savala

“On March 1, student information was sent to a school district that STLCC partners with,” said Nez Savala, communications manager for STLCC. “Once it was discovered that the information was sent, we followed up right away and contacted the school district.”

Bayless quickly deleted the email, Savala said, and the college was able to confirm that the information wasn’t downloaded or shared.

The information included names, addresses, student-identification numbers, email addresses, phone numbers, enrollment terms, dates of birth, high schools, majors, genders and races.

The information didn’t include Social Security numbers, Savala said.

“A lot of this data could be considered directory information, but there’s things in there that could not be considered directory information,” she said.

Savala said STLCC notified affected students of the data breach by sending them letters within three working days.

The college set up a “response center” for students who have questions about the data breach and is providing additional training to staff in “data minimization and handling of sensitive data.”

The response center has received inquiries from about 50 students, Savala said.

This is the second time in a little over a year that STLCC has discovered a data breach. Last March, the college mistakenly emailed personal information on 362 students to other STLCC students.

That included names, email addresses, student-identification numbers and home addresses.

The college immediately reported the incident to federal agencies to let them know what happened, Savala said.

“We followed protocol,” she said. “We followed procedures. We made sure to contact the students who were affected to let them know what happened and gave them contact information for any questions.”