
UT Austin Hit By Massive Security Breach 557

mrpuffypants writes "Reported in the Austin-American Statesman: The University of Texas' security was compromised over the weekend, leaking out nearly 60,000 records on students, staff, and faculty. Official word from the school can be found here. Most troubling of all is that, like most schools, UT still uses SSNs for student ID numbers, and that was part of the information taken from them in the attack."
This discussion has been archived. No new comments can be posted.

  • by JJAnon ( 180699 ) on Thursday March 06, 2003 @02:16PM (#5450573)
    and so far, there has been NO communication from UT about the possible theft - the only reason I heard about it is that someone forwarded the article to me this morning. UT seems to be adopting a 'lets-hope-nothing-screwy-happens' attitude to the whole thing, and that is very worrying. There is no way to tell if your ID was one of those stolen - which strikes me as being a little weird. It would make sense to inform the affected individuals as soon as possible, so that they could start being a little more vigilant about their credit histories. But apparently that goes against the wishes of the authorities up high.
  • Re:What is SSN? (Score:4, Informative)

    by eglamkowski ( 631706 ) <eglamkowski@angelfire. c o m> on Thursday March 06, 2003 @02:18PM (#5450604) Homepage Journal
    Social Security Number. Required in the USA for tax purposes and for receiving social security benefits.
  • Re:Illegal? (Score:3, Informative)

    by JJAnon ( 180699 ) on Thursday March 06, 2003 @02:20PM (#5450619)
    It is not illegal - at least in Texas. UT has been promising to transition to a UT-EID (electronic ID, an alphanumeric identifier) for a while, and I think the current schedule is for it to happen this Fall, but it still uses SSNs for identification.
  • by $$$$$exyGal ( 638164 ) on Thursday March 06, 2003 @02:22PM (#5450652) Homepage Journal
    I'll bet this attack was done by a student to get more information about which college freshman girls to harass. When I went to college, the online phonebook did not include gender, or year by default, but you could get that information if you clicked a few checkboxes (but only one student info at a time). A friend of a friend of mine (at the time) wrote a simple script to harvest all of the data. He was never contacted for doing anything wrong.
  • by Gordonjcp ( 186804 ) on Thursday March 06, 2003 @02:24PM (#5450671) Homepage
    Seriously. In the UK the closest equivalent is a National Insurance number, which you give out to quite a few people. Banks often want this (because it's unique to you, which makes record-keeping easier). Your employer will want it, so their accountants can calculate your tax. Your doctor will probably want it, again, because it's a unique identifier.

    Why are Americans so paranoid about who knows their SSN?
  • by agrounds ( 227704 ) on Thursday March 06, 2003 @02:24PM (#5450678)
    I used to admin at a University. One of the most frustrating things I encountered was the incessant desire for there to be no restrictions on any of the computing systems that the students used. This includes the servers. The firewall was just an expensive router. We were not allowed to run blocks from the internet to inside IPs, as that defeated the spirit of free access. I tried to explain why it was a 'Bad Thing(tm)' repeatedly, but always met with resistance from the shared governance committee. One cannot blame the administrators in this thing. I assure you they feel just as powerless as I did. This kind of thing will become more and more rampant as clueless faculty (or upper-management in the business world) are allowed to influence major IT decision-making.
  • by binaryDigit ( 557647 ) on Thursday March 06, 2003 @02:25PM (#5450681)
    What steps can one take to protect one's identity?

    You can't (not to say that you shouldn't make it more difficult, but just don't fool yourself into thinking that it's possible to do absolutely). It's like your house or car, you can take steps to make it more difficult to break in/steal, but there is absolutely nothing you can do to stop someone who wants to target YOU. So the best thing to do is to introduce a bit of paranoia in your life and assume therefore that it COULD happen and adjust accordingly. So for your identity, you do regular checks of your credit report, you keep tabs on your bank accounts, you review your credit card statements, etc. The absolute worst thing that can happen is for someone to grab your identity and use it for a length of time without your knowledge. Getting your cc company to forgive unauthorized purchases is easy, as long as you do it within 30 days of your statement. Having someone apply for a cc with your info can bite you in the butt if you're trying to buy that car or get that mortgage, so you make sure you check well in advance and make sure that window of exposure is as small as possible.
  • by HotNeedleOfInquiry ( 598897 ) on Thursday March 06, 2003 @02:27PM (#5450706)
    Yeah, they get used, mostly in foreign countries. As a merchant who got stiffed for $1700 on one of those uses, I'm not inclined to discuss how it was done on Slashdot.

    No offense.

  • by bpfinn ( 557273 ) on Thursday March 06, 2003 @02:28PM (#5450722)
    If you are worried about credit card fraud, then you can contact the big credit agencies to check your credit report. They are:
    Review who is looking at your credit report, and report suspicious activity to them. Having seen a few personal credit reports of people who were using their personal credit to establish a business line of credit, I've seen statements on them like: "Don't issue any credit to this person before contacting me at 111-222-3333".
  • Isn't there a law?? (Score:2, Informative)

    by PDXNerd ( 654900 ) on Thursday March 06, 2003 @02:28PM (#5450725)
    A few years ago I got a new bank account and they told me that due to a federal social security law they could not use my SSN as an identification source and that anyone who used it as such was breaking the law.

    I know that many institutions and businesses use it (SSN) that way, but isn't it against the law? Or did I misinterpret the statement from the bank?
  • by sweetooth ( 21075 ) on Thursday March 06, 2003 @02:28PM (#5450728) Homepage
    Google can answer most of your questions with nifty links like this [privacyrights.org], or this [cpsr.org].

    Who would have thunk it?
  • Re:Penalties (Score:4, Informative)

    by Conare ( 442798 ) on Thursday March 06, 2003 @02:30PM (#5450750) Journal
    "I work in health care, and with HIPAA coming into effect, we've been moving a substantial part of our network off the internet -- if there's no physical connection, we can't get hacked. " Oh really? Something like 60% of breaches are internal. What are you going to do now? Put everyone on their own separate network? We are going to see a lot of medical data stolen since Bush took the teeth out of the HIPAA requirements.
  • by sahidrajar ( 517286 ) on Thursday March 06, 2003 @02:38PM (#5450833)
    I currently am a student at the University of Texas at Austin. The spineless fuckers in administration still have yet to inform us about our possible exposure. They may have only released info to the public about this yesterday, but as a current student, and employee I feel that I should have been informed first, not by my mom calling me at 8 am this morning, asking what the hell is going on at UT. Besides, you can't trust a University that claims a budget shortfall, but pays $400,000 for personal consulting for the UT President so he "looks like a more kind, and understanding person." One last thing, test forms that you hand out here have a field for you to bubble in your SSN as a unique identifier. Last I checked, isn't that a violation of the Social Security act?
  • by parc ( 25467 ) on Thursday March 06, 2003 @02:39PM (#5450841)
    There's a problem with your statement "They're unique and everyone already has one." First, not everyone has one. You were not legally required to have an SSN until 20 or so years ago. Of course, without one you can't get social security benefits.

    A bigger problem is that everyone assumes SSNs are unique. They aren't. At best they can only uniquely identify 1 billion people. "Easy," you say, "There aren't 1 billion people in the United States." There were 281 million in 2000. The birth rate is 14.5 per 1000, and the death rate is 8.7 per 1000. While the birth rate is declining, the life expectancy of a person is lengthening. Additionally, it can not be expected that the birth rate will continue to decline to 0. This means that, while it won't happen any time soon, eventually there will be more than 1 billion people in the US.
    The next problem is that when you die, your SSN is NOT REUSED until your estate is closed, at a minimum. My mother's estate was not closed for nearly two YEARS after her death, and hers was a simple estate. Some accounting setups could cause your SSN to be used for many years after your death.
  • Re:Illegal? (Score:3, Informative)

    by kperrier ( 115199 ) on Thursday March 06, 2003 @02:40PM (#5450858)
    There's been a little blurb on the bottom of the Social Security cards which says "Do not share this number, or disclose it to anyone not representing the Social Security Administration".

    Let's see. (pulls out wallet and gets SSN card)

    Nothing on the front but my name, SSN, my signature and the Social Security logo.

    On the back I have this:

    Do not laminate this card.

    This card is invalid if not signed by the number holder unless health or age prevents signature.

    Improper use of this card and/or number by the number holder or any other person is punishable by fine, imprisonment or both.

    This card is the property of the Social Security Administration and must be returned upon request. If found, return to:
    SSA-ATTN: FOUND SSN CARD
    P.O. Box 17087 Baltimore Md. 21203
    Contact your local Social Security office for any other matter regarding this card.

    plus the SSA form number.

    Nope, don't see anything telling me not to share this number....

    Kent
  • by rela ( 531062 ) on Thursday March 06, 2003 @02:45PM (#5450908) Journal
    And isn't it illegal to use S.S. numbers as a form of ID in the states?

    A common misconception. Federal agencies are now somewhat restricted in how they use it (5 U.S.C. Sec. 552A) and some states have laws about it in certain circumstances, but on the whole there's nothing illegal about it.

    Some Googling:

    http://www.cpsr.org/cpsr/privacy/ssn/ssn.faq.html#IsItIllegalToAsk
    http://www.lawcommerce.com/newsletters/art_OHS_employalert0205.asp
    http://www.usdoj.gov/foia/privstat.htm

    I'm sure intrepid Googlers out there could find more.

  • by OrbNobz ( 2505 ) on Thursday March 06, 2003 @02:46PM (#5450925) Homepage
    Or close your bank accounts.
    Or get a driver's license.
    Or sell it.
    Or make your life a living hell until you can change it.

    - OrbNobz
    "Mind if I drive?" "Not if you don't mind me clawing at the dash and screaming like a cheerleader." - Sam n' Max (vice versa anyway)
  • by Dahan ( 130247 ) <khym@azeotrope.org> on Thursday March 06, 2003 @02:47PM (#5450934)
    In general, government agencies (other than the IRS) can't require you to give them your SSN. There are a few exceptions though... and some govt. agencies want you to think that you need to give them your SSN when you don't actually need to. As an example, if you apply for a passport, the form [state.gov] threatens you with a $500 fine if you don't fill in your SSN. However, it's the IRS that wants to know if you're applying for a passport--you can actually tell the IRS directly, rather than sending your SSN to the State Dept. and having them tell the IRS.

    Private businesses can request your SSN if they want... you don't have to give it though. But if you don't, they don't have to give you whatever you're looking for either :)

    However, UT is a public school and is subject to the restrictions on government agencies... here's [uncg.edu] a page with some info on the use of SSNs in public schools.

    Anyways, as a former UT Austin student, I'd be annoyed if my SSN was one of the ones that got out... and if so, I wonder how UT plans on contacting me--as far as I know, they don't have my current address, phone number, or any other type of contact info. As a side note, the first year I was there (1988), a lot of professors posted exam grades outside the classroom indexed by SSN... I guess someone put a stop to that :)

  • by Politburo ( 640618 ) on Thursday March 06, 2003 @02:49PM (#5450947)
    According to the gov't SSNs are never reused currently. Here is the link. [ssa.gov] This link may timeout.. but it is in the frequently asked questions at ssa.gov. [ssa.gov]
  • Re:Action (Score:3, Informative)

    by Orne ( 144925 ) on Thursday March 06, 2003 @02:50PM (#5450955) Homepage
    Maybe the ACLU could give them some pointers [foxnews.com] about what to do...
  • by Sgt York ( 591446 ) <`ten.knilhtrae' `ta' `mlovj'> on Thursday March 06, 2003 @02:53PM (#5450993)
    That's really odd that you haven't. I'm at UT in Houston (the grad school), and I got an e-mail about it this morning from our departmental IT person. The only reason we didn't get it sooner is that we've been on a retreat since Monday.

    As for student notification, go to the bottom of the UT article; The last section is headed "How will affected individuals be notified?" and gives an e-mail address.

  • SSN at UT (Score:5, Informative)

    by yar ( 170650 ) on Thursday March 06, 2003 @02:56PM (#5451030)
    I have both attended and worked at UT in IT, so I can give you my observations.

    For many years, UT had a non-centralized IT infrastructure. That is, the Colleges did one thing, the Administrative Computing Group did another thing, the Academic Computing Group did yet another thing, and the Libraries something else entirely. This was recently changed with the introduction of a new Office of Information Technology head by a new Vice Provost (Dan Updegrove, originally at Yale). One of the very first things I heard him address was the Social Security number problem in which every student, faculty, and staff member used their SSN as their ID. That practice had to change in order to meet both legal and privacy standards (see FERPA [cpsr.org]) , and UT has been trying for the past couple of years to make that happen. The trouble is, it was so integrated into all of the different services and departments that it is a slow process to remove it. They started to phase it out, but now UT is seeing the effects of this particular practice. I'm likely one of the ones who will be affected, so I'm waiting for them to announce where people can find that out. (It may be at the UT site, http://www.utexas.edu/datatheft/ [utexas.edu].

    The Daily Texan (student newspaper) has an article about the theft [dailytexanonline.com], as does the Houston Chronicle [chron.com].)

    By the way, your Social Security Number isn't public information. It is required for use by some agencies of the government, but you are not required to provide your SSN to private groups unless they need to interact with certain government agencies (this includes your employers, who deal with the IRS). That being said, SSNs are so commonly used a search may pull up that information- but that doesn't mean it is legally public info.
  • Re:Clarification? (Score:2, Informative)

    by nfsilkey ( 652484 ) on Thursday March 06, 2003 @02:59PM (#5451054) Homepage
    Externally, the SSN is still used at UTexas. Students and staff/faculty find their SSN dabbed all over financial, registration, grading, housing, and employment information. Internally, the SSN is the identification method that makes the world go round in many MANY aspects on campus.

    Such a transition will be entirely difficult and time-consuming. The university is interested in making the transition, but the issues which arise from a multitude of departmental management techniques are wide-ranging and difficult to tackle. The recent changes to the UT EID system (a unified login scheme to manage campus life and services) are just the beginning of a long uphill IT battle that is being tackled (...we hope ;).
  • Re:Penalties (Score:2, Informative)

    by BrianH ( 13460 ) on Thursday March 06, 2003 @03:00PM (#5451071)
    Won't work. Most colleges today have web based facilities that allow students to review and update their registration info. Heck, the college I work for allows web users to do everything from change their name, to register for classes and financial aid, to connect to our alumni association and donate money. When you have that kind of functionality online, you are forced to have realtime (or near-realtime) communications between the backend administrative systems and the frontend web systems. With comprehensive web-based applications like this, you can make them hack-resistant, but never hack-proof.
  • Re:Action (Score:2, Informative)

    by number6x ( 626555 ) on Thursday March 06, 2003 @03:02PM (#5451088)

    Social security numbers are not guaranteed to be unique! In the early days it was allowed for an individual to share their number with a non-working spouse. The spouse receives reduced benefits after the primary has died.

    I've contracted at several major health insurance companies. That's where I first encountered records of two individuals with the same number. This is no longer allowed.

    I believe the numbers could be re-used after death, but I haven't seen this myself. Maybe someone out there in /.-land has better info on that.

  • by dj_whitebread ( 171775 ) on Thursday March 06, 2003 @03:03PM (#5451100) Homepage
    Just to let everybody know, this was the last semester that UT was using SSN's as id's. We are in the process of switching over to what they call the EID. The EID is just a text string (similar to a user login). This is what we have to use to access online services for several years. Within months it was going to be our official identifier in all of the university's systems.
  • Re:Action (Score:3, Informative)

    by cdrudge ( 68377 ) on Thursday March 06, 2003 @03:06PM (#5451157) Homepage
    Is it illegal to use the number for identification or is it illegal to require the number for identification. I know that the college I attended, they would use your SSN if you provided it, but they would assign another SID if you asked them to without penalty. On financial aid information though, your SSN is required.
  • by Cowboy ( 98435 ) on Thursday March 06, 2003 @03:10PM (#5451196) Journal
    from the following URL [slashdot.org]...
    Am I Affected?
    Is your SSN in the following ranges?

    449-31-98xx - 450-91-24xx
    451-12-32xx - 451-20-35xx
    451-20-64xx - 452-20-40xx
    If so, within these ranges, 55,200 people of the following types, including but not limited to:

    Current students, faculty and staff
    Former students, faculty and staff
    Job applicants
    Retirees
    may be affected.

  • by JeanBaptiste ( 537955 ) on Thursday March 06, 2003 @03:17PM (#5451266)
    In US territories a ssn is often assigned to a family rather than to an individual. Then the children of the family come onto the mainland for college. A bit of a mess when a large puerto rican family has 8 kids that all go through the same college.
  • by FatAlb3rt ( 533682 ) on Thursday March 06, 2003 @03:24PM (#5451334) Homepage
    Contact the credit bureaus - there's 3 major ones - Equifax, Trans Union and Experian. Tell them what happened, they can flag your acct so you have to be contacted at your home phone before any acct is opened in your name. Here's [ftc.gov] more info...

  • by TuxGrep ( 89427 ) on Thursday March 06, 2003 @03:26PM (#5451357)
    So, do you provide those documents when you apply for a credit card via mail?

    Again, it might surprise some of you ;-), but this is exactly the reason you can only apply for a credit card (loan, mortgage, etc) IN PERSON.

    Sounds inconvenient ? Well, it depends on how secure you need to be. Typing in passwords is inconvenient as well...

  • by TuxGrep ( 89427 ) on Thursday March 06, 2003 @03:53PM (#5451634)
    That's funny. Those ten or so credit card applications I get in the mail each week say nothing about coming to see them IN PERSON.

    From that I can only assume that you live in the US ? Which, I guess, just proves my point that it is a system just waiting to be abused.

    Never mind what those spams may say, in Europe you cannot get a bank account without applying in person. I guess there may be CC companies that are so eager to close that they trust me without proof. But I reckon that even those will send letters to your address that you have to return to them, signed. Which does prove at least two things to them: (A) you have physical access to the mailbox/street address you supplied, and (B) they have your signature on paper, which can be useful to prove you signed it (and if need be, all the way through handwriting recognition experts).

    In any case, that is better than nothing.

  • by Davorama ( 11731 ) on Thursday March 06, 2003 @03:57PM (#5451671) Journal
    I highly recommend to everyone to read this page carefully

    http://www.fightidentitytheft.com/flag.html

    and if the drawbacks don't sound too bad (think carefully!) make the calls. It takes about a half hour. Much less than the time you'll spend untangling the mess of an identity theft. You may also consider calling your bank and creditors to ask them to put similar holds on your contact info so that some clever scammer doesn't have your statements forwarded to Timbuktu, thus gaining them extra time to run amok and causing you even more grief. This isn't paranoia talking, it's experience.

    Here are the numbers.

    Credit Bureau Fraud Departments

    TransUnion
    Fraud Victim Assistance Department
    Phone: 800-680-7289

    Equifax
    Consumer Fraud Division
    Phone: 800-525-6285 or: 404-885-8000

    Experian
    Experian's National Consumer Assistance
    Phone: 888-397-3742
  • Re:Action (Score:3, Informative)

    by sjlutz ( 540312 ) on Thursday March 06, 2003 @04:00PM (#5451713)
    Actually, it is illegal for anyone to ask for your social security number except for:
    1) The purposes of reporting individual tax information (such as wages and salaries).
    2) The payment and qualification for social security benefits.
    A lot of people do not believe the above, because they have gotten used to it and have accepted that people will use their SSN for means of unique identification number. It's great for database developers to just use your social security number as your customer ID. Because we know that SSN's are unique. Example, if you go to a hospital, what do you think your ID is? Now, you have the absolute, 100% right to refuse to give ANYONE your social security number. (Aside for the above reasons) In the above example, the hospitals will probably insist. But they most definitely treat non-americans (either visiting the US or here on a Visa). These people do not have SSN's. The SSN's have become a de facto National ID card only because people have let it become so. That being said, your social security number is NOT a national ID card system, although it is being used like one whether we like it or not.
  • by tlk nnr ( 449342 ) on Thursday March 06, 2003 @04:21PM (#5451915) Homepage

    So, do you provide those documents when you apply for a credit card via mail?

    In Germany, the post offers a service called postident [deutschepost.de] - the mail carrier will only give you the letter if you show him your passport, and he'll send the passport number back to the sender of the letter.

    The system is in place for years, afaik it's the only way to open accounts at internet only banks. No need for a magic SSN.
  • by Anonymous Coward on Thursday March 06, 2003 @04:23PM (#5451934)
    Here at the University of Florida we have just moved to a new system called the UF-ID system. Students had to get recarded. It took almost a year to re-code all of the University's systems (housing, accounting, libraries, etc) but we had a successful launch on January 21st 2003. The system works great and ties in directly with the University's new ActiveDirectory that was established for the entire campus.

    Furthermore I think the FERPA (Family Educational Rights Protection Act) makes it illegal to use even partial identification numbers to post grades. You can read more about the University of Florida's system at http://ufid.ufl.edu [ufl.edu]
  • Oops, sorry. I didn't realize you were talking about outside the US. (Now I feel dumb.)

    You are exactly right, the system is pretty much screaming "abuse the hell out of me".

    Here, you can pretty much get credit card applications with no effort. When I buy a book from my campus bookstore, it comes with a damn credit card application stuffed in it. The credit card companies decided, I guess, that it is profitable enough to make credit incredibly easy to obtain that they don't mind eating the cost of occasional fraud. Unfortunately, this hurts those whose identities have been stolen, as they have to take the time and effort to clear their credit rating.
  • by christopher240240 ( 633932 ) on Thursday March 06, 2003 @04:35PM (#5452022)
    I work in the admissions department of a Community College which uses SSNs for SIDs. One of the reasons that it is almost necessary to use the ss# as the identifier is because of the transcripts that we require for admissions into certain degree programs. We have about 20,000 unidentifiable documents that have only the name as the identifier on them, and 99% of these documents use maiden names, so without some uid (even as little as a current name and a birth date), they are utterly worthless, and thus end up in a dead letter office. I personally receive the same documents over and over again, but without the sending party taking the step to identify people, the documents aren't processed and people are denied admission because they miss deadlines.
  • Re:Action (Score:3, Informative)

    by mr. methane ( 593577 ) on Thursday March 06, 2003 @04:38PM (#5452057) Journal
    There are some "validations" in the SSN. One of them makes it easy to spot a "number picked at random", and the other, which you do need a lookup table for, tells you when the number was issued and in what area of the country it was issued.

    Anyone born in the last 15 years has often had an SSN assigned shortly after birth. Previously, it was typically issued when you opened your first bank account, or when you took your first job.

    So that, combined with a person's age (or reasonable approximation) has a strong correlation for checking validity.

    If you see a 45-year-old male with a Brooklyn accent showing up with an SSN that was issued five years ago in Oregon, it would raise an eyebrow or two.

    Back to this breakin.. It's time to treat data repositories like banks: Regulate them, and refer anyone who even tries to break into one to www.bop.gov for a nice long visit.
  • Am I Affected? (Score:3, Informative)

    by AggieScott ( 456489 ) on Thursday March 06, 2003 @05:36PM (#5452572)
    Is your SSN in the following ranges?

    * 449-31-98xx - 450-91-24xx
    * 451-12-32xx - 451-20-35xx
    * 451-20-64xx - 452-20-40xx

    If so, within these ranges, 55,200 people of the following types, including but not limited to:

    * Current students, faculty and staff
    * Former students, faculty and staff
    * Job applicants
    * Retirees

    may be affected.
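
A scoping check built on the three ranges quoted in the comment above, as an added example that is not part of the original post or of any UT tooling. It assumes the ranges are inclusive and ordered numerically, and that "xx" masks the last two digits at both ends; the record IDs and SSN values are constructed boundary cases.

```python
import re

# Ranges exactly as quoted in the comment; "xx" masks the final two digits.
EXPOSED_RANGES = [
    ("449-31-98xx", "450-91-24xx"),
    ("451-12-32xx", "451-20-35xx"),
    ("451-20-64xx", "452-20-40xx"),
]

SSN_RE = re.compile(r"^(\d{3})[- ]?(\d{2})[- ]?(\d{4})$")
BOUND_RE = re.compile(r"^(\d{3})-(\d{2})-(\d{2})xx$")


def bound_prefix(bound):
    """Turn a masked bound such as '449-31-98xx' into its 7-digit prefix."""
    m = BOUND_RE.match(bound)
    if not m:
        raise ValueError("unexpected range bound: %r" % bound)
    return int("".join(m.groups()))


def normalize_ssn(raw):
    """Return the 9 digits of an SSN written with or without separators, else None."""
    m = SSN_RE.match(raw.strip())
    return "".join(m.groups()) if m else None


def in_exposed_range(raw, ranges=EXPOSED_RANGES):
    """True if the SSN falls inside any published range (assumed inclusive).

    Comparing only the first seven digits lets the 'xx' mask cover 00-99
    at both the low and the high end of each range.
    """
    digits = normalize_ssn(raw)
    if digits is None:
        raise ValueError("not a 9-digit SSN")
    prefix = int(digits[:7])
    return any(bound_prefix(lo) <= prefix <= bound_prefix(hi) for lo, hi in ranges)


def mask_ssn(digits):
    """Keep only the last four digits so the notification list is not a second leak."""
    return "***-**-" + digits[-4:]


def scope_notifications(records):
    """Split records into (affected, unparseable).

    affected: list of (record_id, masked_ssn) for people to notify.
    unparseable: record_ids whose SSN field needs manual review; they are
    reported rather than silently treated as unaffected.
    """
    affected, unparseable = [], []
    for rec in records:
        digits = normalize_ssn(rec["ssn"])
        if digits is None:
            unparseable.append(rec["id"])
        elif in_exposed_range(digits):
            affected.append((rec["id"], mask_ssn(digits)))
    return affected, unparseable


# Constructed sample records (boundary values of the quoted ranges, not real people).
SAMPLE_RECORDS = [
    {"id": "rec-1", "ssn": "449-31-9800"},  # first value of range 1
    {"id": "rec-2", "ssn": "449-31-9799"},  # just below range 1
    {"id": "rec-3", "ssn": "450912499"},    # last value of range 1, no separators
    {"id": "rec-4", "ssn": "451-20-3600"},  # in the gap between ranges 2 and 3
    {"id": "rec-5", "ssn": "452 20 4099"},  # last value of range 3
    {"id": "rec-6", "ssn": "45A-20-4099"},  # malformed field
]

if __name__ == "__main__":
    hits, bad = scope_notifications(SAMPLE_RECORDS)
    print("notify:", hits)
    print("manual review:", bad)
```
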
  • by x-empt ( 127761 ) on Thursday March 06, 2003 @06:18PM (#5453126) Homepage
    Funny how this security breach at Princeton never got the media attention it deserved:

    http://www.ispep.cx/files/tucson.princeton.edu.txt [ispep.cx]

    Mod this up as Informative...
  • by shutton ( 4725 ) on Thursday March 06, 2003 @06:48PM (#5453460) Homepage
    The Indiana University School of Medicine [iu.edu] was hit [indystar.com] recently. Not just social security numbers, but medical records, too--everything you need to know to become someone else. All these poor folks were patients of their sleep clinic. I guess they have something else to keep them awake all night now...
  • Not Unique (Score:2, Informative)

    by nfsilkey ( 652484 ) on Thursday March 06, 2003 @06:59PM (#5453565) Homepage
    This isn't an isolated incident, rather it's a trend. Big state universities are a target for hack attacks unfortunately.

    Kansas University was hit hard in late January. SEVIS was pilfered (Student Exchange Visitor Information System; part of the Patriot Act)

    Info here [ku.edu].
  • by bluesangria ( 140909 ) on Thursday March 06, 2003 @08:20PM (#5454276)
    If SSNs were only supposed to be used by the IRS, and the current system is so ripe for abuse, why hasn't there been a law against using SSNs for non-tax purposes?


    It's a little-known and often-ignored-anyways fact that businesses and schools, etc. are NOT supposed to use your SSN for identity purposes. You have the legal right to DECLINE giving your SSN for any reason other than tax purposes (i.e. employer records, etc.)
    When it started becoming more and more common to ask for SSN as an identifier, people just forgot that they could say "No", and presto! instant "standard".
    FYI, if you are ever the victim of "identity theft" - credit cards issued in your name, bank accounts opened with your SSN, etc. - be aware that you are NOT allowed to change your SSN for any reason other than your life is in danger, i.e. witness protection program. Harassing bills for stuff you never bought? Hundreds of dollars spent faxing, duplicating, and mailing off documents to all the credit agencies explaining that your identity has been stolen? Tough cookies.
    Another FYI, I have never had a fraud investigation department have anything more than a passing interest in WHO might have perpetrated the crime. The only thing you can do is re-new the flag on your credit report so that people HAVE to at least contact you by voice to allow a credit app.
    My advice to anyone who has had their identity stolen - don't procrastinate in notifying the police and the major credit agencies, in writing, about your situation. Cancel any credit/store cards you don't use - make ESPECIALLY sure the account is permanently closed and not simply dormant to be reopened at a later date. I know for a fact, SEARS is guilty of that.
    Finally, periodically request copies of your credit records to check for any unusual activity.
    It'll be a looong time before the problem goes away.

    blue

  • by Jucius Maximus ( 229128 ) on Thursday March 06, 2003 @08:30PM (#5454366) Journal
    " He's not talking about the US. In many countries you can not apply for credit via mail. The fact that you can do it in the US surprises many non-americans."

    This surprises me as well, and I am from Canada. I have actually never applied for a credit card in person. I've done it by internet and by mail. Sometimes you have to pick it up at the bank branch, other times it comes in the mail to your home.

    I actually work in the Credit Card division (VISA or Mastercard, but I won't tell you which ;-) of one of North America's 10 largest banks and I can tell you that this 'not in person' system DOES have its problems. Fraud is the current biggest monetary loss for the bank. I won't post some of the methods the crooks use to take advantage of this mail and internet system (because I don't want to help budding fraudsters,) but it is truly nefarious. Fraud of credit cards is actually incredibly easy in Canada and the US, and it's going to get worse before it gets better. One big problem is that you don't need a PIN for the cc's and it is very rare that a merchant actually looks at the signature on the card. You could sign any old name and get away with it.

    Now in Canada the system with SIN (social insurance numbers) is better than the US because by law, they can only be used for purposes related to paying taxes to the government. My SIN number is only used when starting a new job, opening a bank account that earns taxable interest, applying to university, paying taxes, and that's about it.

  • by xixax ( 44677 ) on Thursday March 06, 2003 @08:51PM (#5454525)
    While biometrics might be OK as part of a comprehensive security system, they do have problems all of their own, for a start, you can't issue someone with a new thumb [counterpane.com] if the system gets compromised. (say if I manage to get a silicon cast of your thumb).

    Then there was the amusing experiment where a bunch of Germans managed to fool retina scanners using printed images of eyes that could be taken at a reasonable distance with a camera.

    Xix.

  • by Pulsar ( 4287 ) <champ77.hotmail@com> on Thursday March 06, 2003 @10:11PM (#5455098)
    I'm a student at UT-Arlington, the next largest school in the UT System. Last October our Student Congress passed a resolution I wrote asking them to basically make it easier for students to be able to request to no longer use their Social Security Numbers as their ID # - UTA currently has a system in place where you can request to use a randomly generated ID# instead of your SSN, but no one knows about it and they don't advertise it or make it easy.

    The administration's response was "Come Summer 2005, when we have our new Student Information System, we won't use anyone's SSN" but that in the meantime, we're screwed because they weren't going to change anything.

    A month ago I discovered the 'secure' portion of the Housing department's website had been indexed by Google, including the ID # (Social Security Number) of all 1200+ residents living in the on-campus dorms. This highlighted the need for the immediate cessation of collecting and storing SSN's, so I've introduced a follow-up resolution our Student Congress is looking to pass soon basically demanding each department document every way they use SSN's and the security measures in place to protect them, after which we want a committee of students and faculty to go through the documentation and approve or deny their use and storage of the SSN's.

    Our school paper, The Shorthorn (www.theshorthorn.com [theshorthorn.com]) is supposed to do a story in tomorrow's (Friday's) issue concerning the leak at UT-Austin and the fact that administrators so far at UT-Arlington are ignoring the need to provide security for SSN's NOW, and not just in 2005.

    It should be interesting to see if the administration has finally 'seen the light' and will listen to us, this time.
