TUPD security breach publicized crime victim identities

Lily Mae Lazarus, Managing Editor

More than 60 private TUPD documents were made publicly available, revealing crime victims’ identities.

For victims of crimes and those receiving medical care, the protection of one’s identity, privacy and dignity is critical. 

As of Dec. 2, anyone with a Tulane University email address could access the Tulane University Police Department’s unredacted Daily Activity Reports. The public DARS openly shared the names of victims, witnesses, reporting persons, those seeking medical attention and suspects who interacted with TUPD. 

The files were publicly accessible for nearly two years. TUPD was only made aware of their visibility yesterday evening and secured the documents on Dec. 3. 

This security breach publicized more than 60 private documents dating back to the fall of 2020. The most recent of these private files was shared on Nov. 20. 

Uncensored details of sex crimes, hate crimes, attempted suicides, medical emergencies and other crimes involving Tulane affiliates and non-affiliates were available for viewing. Splash Card numbers, birthdates, phone numbers and addresses were also visible to those with access. 

The Clery Act, a federal law regarding campus safety, offers special rights to victims of dating violence, domestic violence, sexual assault and stalking. The Clery Act requires that Tulane protect the confidentiality of these victims in public records, including crime logs, and maintain the confidentiality of any accommodations or protective measures provided to them. This information was not protected within the public documents.

Some of the public documents also included the personal information of patients receiving medical care at the Tulane University Medical Center. 

The documents were sent daily by TUPD leadership to a distribution list of 48 people, including administrators, University President Mike Fitts and five TUPD employees. Despite saying “for internal use only,” the files were visible, sharable and downloadable via Microsoft SharePoint and they were neither encrypted nor password protected. 

According to sources in the adminstration, officials are working with Tulane’s general counsel and TUPD to determine how the breach occurred and how to prevent future cyber security compromises.