Mass email exposes personal data of Georgia Tech students, again

After a similar incident last year and a major data breach in April, the university's "emergency response team" is now instating "corrective action."
excel file on laptop
(Getty Images)

A staff member at the Georgia Institute of Technology accidentally sent an email containing personal student information to more than 1,100 students, the university announced Thursday. 

The email sent this week contained an attachment that included the names, ethnicities, school ID numbers, email addresses and GPAs of an undisclosed number of students, according to a university press release. The attached file did not include Social Security information, the school said.

All students affected were reportedly notified Wednesday and Georgia Tech’s Office of Information Technology is now working to “recall” as many of the emails as possible.

“An emergency response team has been convened,” the university’s notice reads. “The team will work to implement immediate corrective action and enact comprehensive changes to Georgia Tech’s data governance enterprise.”


Georgia Tech has faced a series of similar incidents in recent memory, with a data breach affecting 1.3 million of its current and former students, faculty and staff constituting the most severe case last April. In that incident, an unknown outside actor accessed a university database that contained names, addresses, Social Security numbers and birth dates.

About 8,000 students at Georgia Tech had their personal information compromised last year when an administrator accidentally attached personal information in a mass email, similar to this week’s incident.

Such incidents involving spreadsheets being passed around via email on university campuses are somewhat common, despite continual reprobation from cybersecurity and data-privacy experts.

An email attachment sent by an administrator at the University of Pittsburgh’s Graduate School of Public Health last month advertised the tuition information of 38 students to a handful of unintended recipients.

In March, applicants to the University of Chicago Law School had their information — including names, contact information, academic data like GPAs and test scores, and admissions decisions — shared with 297 students who were admitted into the program thanks to an accidental mass email.


At Georgia Tech, an announcement on how the university intends to prevent this from happening again will come in the days ahead.

Latest Podcasts