Confidential data compromised at Dixie State College

Identities of more than 10,000 individuals with ties to Dixie State College may have been compromised sometime last month.

Officials Tuesday released information on a possible breach of information on the St. George campus that may affect alumni and current and former Dixie State College employees.

On Sept. 11, an anonymous caller contacted staff about an incident during which they accessed numerous confidential files containing personal information, including Social Security numbers, birth dates and addresses and other information, said Steve Johnson, the college's public relations director. The information that was accessed by the unauthorized user, however, did not include any financial data or credit card information.

Upon learning of the incident, information technology officials immediately deleted the files, which contained approximately 11,000 names of those who graduated or worked at Dixie from 1986 to 2005, from the server. Law enforcement and internal investigation teams were also notified and are reviewing access logs from the school to determine if this was an isolated event.

"At this time, there is no evidence that the information has been misused," said Gary Koeven, dean of information services at Dixie. "However, we take this risk very seriously."

Koeven said steps are being taken to contact and notify those involved, as well as the entire campus community. It remains unknown whether any information was taken from the server, although officials have confirmed the files were accessed.

"We know someone innocently found it," he said. "If one person was able to get to it, it meant that it was possible for others to do so." The search tool used to access the files was eliminated from the page where the user accessed the information as soon as staff were notified.

"The chance of malicious use of this information is pretty small, but if it has been accessed, we can't be sure," Koeven said.

Security processes at the college are being reviewed, and Johnson said everything possible is being done to strengthen the current system against similar incidents in the future.

"We regret that this incident has occurred, and we want to let everyone in the Dixie State College community know that we take this matter and all security issues very seriously," Dixie State President Lee Caldwell said. "We know and understand the danger of identity theft, and we are committed to ensuring that this does not happen again at this institution."

Those potentially affected are urged to monitor their credit card statements and request a credit report, even place a fraud alert if the level of concern is high. Information regarding the issue can be found online at www.dixie.edu/idprotect. Dixie State College has also established a toll-free telephone hotline at 866-295-3033. Concerned individuals can also e-mail questions to idprotect@dixie.edu.

---

E-mail: wleonard@desnews.com