October 5, 2021 – Update on the Exposure of Exemption Request Data

Dear Campus Community,

The August data exposure has been a troubling event for our campus to work through. I remain committed to being transparent about what occurred, who was responsible, and how we are addressing the situation.

Here’s what we know at the present time:

Our investigation into the incident has identified an internal employee who abused his position and the responsibility entrusted to him. This person used his access credentials to expose and publish students' confidential information. He is no longer an employee of the University and is facing criminal prosecution.

Our investigation also identified a faculty member who sent to the media the confidential information that had been published by the employee. I'm disappointed that a faculty member put our students’ confidential data at further risk, which violates student confidentiality under the Family Educational Rights and Privacy Act (FERPA).  The University is addressing this incident with the faculty member.

To those directly affected, please accept our sincere apologies for the worry this incident may have caused. To all students and employees: We take the protection of your personal information very seriously and have taken steps to add additional controls and protections. 

I'd like to commend our information technology (IT) security professionals and University Police Department for working efficiently to determine what happened. While I take solace in the fact that our IT security systems weren’t compromised, I'm saddened to learn that employees violated our trust and exposed our students' personal information. 

Chico State is committed to working diligently to enhance security across its platforms, including a thorough review of users' access permissions to safeguard student and employee information.

Sincerely,

Gayle Hutchinson

President