Dear Members of the Georgetown University Community,
We are writing to inform you that following a maintenance and outage period of the Banner student information system, a subset of student users in the GU Experience platform were able to access certain student data from current and former students. This was not the result of an external attack or security compromise of our system, but instead an inadvertent setting change that allowed a subset of existing users with GU IDs to gain access to data that would otherwise only be used by administrative staff. This access setting was resolved by 8:30 a.m. this morning.
This period of unauthorized access occurred between the hours of 8 a.m. on Wednesday, October 16, to 8:30 a.m. on Thursday, October 17, and the data included sensitive personally identifiable and academic information.
Our initial investigation determined that 29 current or recent Georgetown students may have accessed unauthorized data. We have contacted the individuals who had unauthorized access and instructed them to delete any data that they may have obtained. Using, sharing, or saving any of this data could violate University policy and have legal ramifications. We will follow up with more information for users whose data may have been exposed.
We take data security and the privacy of our students very seriously. We recognize this is unsettling news and regret that this occurred. We will continue to investigate this data exposure and implement safeguards to prevent it from happening in the future. We will provide additional information as it becomes available.
Sincerely,
Doug Little
Chief Information Officer, University Information Services