ASU reports data breach


JONESBORO — Arkansas State University said Friday a data breach may have exposed some personally identifiable information in a database of people who have registered to participate in continuing-education workshops on early childhood care.

The university said it was notified of the breach in the College of Education and Behavior Science’s Department of Childhood Services system late Wednesday by the state Department of Human Services. An estimated 50,000 people may have been affected.

The records of ASU students, faculty and staff were not involved unless those people participated in the Traveling Arkansas Professional Pathways Registry, the university said.

“We have confirmed unauthorized access to data, but we have no reports regarding illegal use of the information in these files,” ASU spokesman Henry Torres said. “We took immediate measures to address this issue after being notified by DHS. We are cooperating with DHS and working with programmers to assess and resolve the situation.”

Torres said the university is contacting all 50,000 people “out of an abundance of caution.” Computer servers containing the databases were immediately disabled, and the university has a third-party security consultant who will assist in addressing the issues, he said.

The TAPP Registry has been taken offline until the review is completed.

Most of the personal information in the database limited Social Security numbers to four or five digits, but the Social Security Administration considers that personally identifiable information, the university said.

DHS and ASU have been working to transfer all data from the university’s IT system to the DHS system since December. DHS is expected to take over the registry in July.

People who think they may have been affected can call (855) 363-1011 to ask questions. More information is also available on ASU’s website, astate.edu.