TUPD security breach publicized crime victim identities
December 3, 2021
For victims of crimes and those receiving medical care, the protection of one’s identity, privacy and dignity is critical.
As of Dec. 2, anyone with a Tulane University email address could access the Tulane University Police Department’s unredacted Daily Activity Reports. The public DARS openly shared the names of victims, witnesses, reporting persons, those seeking medical attention and suspects who interacted with TUPD.
The files were publicly accessible for nearly two years. TUPD was only made aware of their visibility yesterday evening and secured the documents on Dec. 3.
This security breach publicized more than 60 private documents dating back to the fall of 2020. The most recent of these private files was shared on Nov. 20.
Uncensored details of sex crimes, hate crimes, attempted suicides, medical emergencies and other crimes involving Tulane affiliates and non-affiliates were available for viewing. Splash Card numbers, birthdates, phone numbers and addresses were also visible to those with access.
The Clery Act, a federal law regarding campus safety, offers special rights to victims of dating violence, domestic violence, sexual assault and stalking. The Clery Act requires that Tulane protect the confidentiality of these victims in public records, including crime logs, and maintain the confidentiality of any accommodations or protective measures provided to them. This information was not protected within the public documents.
Some of the public documents also included the personal information of patients receiving medical care at the Tulane University Medical Center.
The documents were sent daily by TUPD leadership to a distribution list of 48 people, including administrators, University President Mike Fitts and five TUPD employees. Despite saying “for internal use only,” the files were visible, sharable and downloadable via Microsoft SharePoint and they were neither encrypted nor password protected.
According to sources in the adminstration, officials are working with Tulane’s general counsel and TUPD to determine how the breach occurred and how to prevent future cyber security compromises.
Mickey Mickle (she/her) • Dec 3, 2021 at 4:26 pm
Disgusting how inadequate and broken this police department is. TUPD not only puts students at danger by constantly by being unresponsive and unreliable, but also being present when they are wholly unnecessary. Everyday, fully armed, trained to kill police officers report to mental heath crisis and deal with drunk college kids. We need comprehensive support for students safety that doesn’t involve a police department that can’t even keep their records private. This department is negligent and dangerous. I cannot imagine how victims and survivors feel right now knowing that some of their most vulnerable moments were visible, sharable and downloadable for two full years.
Abolish TUPD.
CONCERNED STUDENT • Dec 4, 2021 at 4:18 pm
There’s 105 fulltime TUPD officers but only one doctor writing prescriptions at Campus Health. Abolish TUPD and divert their funding where it’s actually needed — towards student health and wellbeing.
SSEnior • Dec 4, 2021 at 6:02 pm
Well hopefully they take care of the management issues there first
Anonymous student • Dec 3, 2021 at 2:26 pm
This… from the same university that brags about training cops in their “Homeland Security Studies” program in “cyber security”. This is negligent and harmful. Hope TUPD loses some funding and had the scope of their work reduced, clearly they can’t be trusted with compliance around HIPAA/FERPA etc