A data breach of a White House-recommended vendor compromised the personal information of nearly 80,000 California college students who had signed up for a mandatory online sex violence prevention course, officials revealed Tuesday.
Students at eight California State University campuses had information such as their login names, course passwords, campus email addresses, gender, race, ethnicity, relationship status and sexual identity stolen when the Agent of Change website provide by vendor We End Violence was hacked. No social security numbers, driver’s license numbers or “other personal identifiable information was impacted,” Cal State Director of Public Affairs Toni Molle said in an email to FoxNews.com.
“It seemed a little unnecessary to me and the fact there is a security breach about that, I'm like, ‘OK, great, the thing I didn't want to do anyway is now endangering my privacy,’” Cal State Northridge student Devan Zarro told ABC7.
We End Violence is one of three vendors providing the no-credit, online courses. It was recommended by the White House task force on campus sexual violence prevention, a Cal State spokeswoman told the San Bernardino Sun.
The two vendors utilized by other Cal State campuses were not hacked. We End Violence first learned of the hack on Aug. 24 and the website was shut down two days later.
“We were working as quickly as we could and had to be sure we had the correct student list and that the CSU system was aware of what was going on … so they could provide their own responses,” We End Violence director Carol Mosely told the LA Times. “We believe in shutting down the website on the 26th we were protecting students at that point.”
Impacted students have been contacted by Cal State and those affected are using new login names and passwords.
“Moreover, the vendor has launched a formal investigation of the matter using a third-party forensic firm,” Molle said.
Jorge Reyes, president of Associated Students at Cal State Northridge, told the San Bernardino Sun that student government leaders are monitoring the situation.
“I think anybody is concerned when something like this leaks out, especially personal information,” Reyes said.
Federal and state law requires colleges to provide the online training. It became necessary when Gov. Jerry Brown signed a bill last year adopting a so-called “affirmative consent” standard for sexual interactions on college campuses. Students who do not complete the training can have a hold placed on their accounts.
Affected campuses were Channel Islands, Los Angeles, San Bernardino, Maritime Academy, Cal Poly Pomona, Northridge, San Diego and Sonoma.