DigiNews

Summary

Ars Technica reports on Columbia University's breach affecting unaffiliated individuals who received notification about exposed Social Security numbers. The piece explains the confusing sources of data, delays in notification, and the university’s discovery that a legacy SSN database was not properly deleted. It covers potential class-action implications, regulatory scrutiny, and expert criticism of long-term data retention by educational institutions. The story also discusses broader industry context around data sharing from testing programs and admissions processes and the need for stronger privacy protections.