Incident Information November 2024

On September 18, 2024, WPI learned that a software application share intended to have restricted staff access only inadvertently allowed other WPI users to access it. The access granted some in the WPI community an ability to view some student personal information. A WPI student inadvertently discovered the broader-than-intended access and self-reported this access to WPI. WPI quickly applied access restrictions to the share.  WPI launched an internal investigation and engaged third-party specialists to validate independently that no other connection occurred. On October 15, 2024, the third-party specialists confirmed that no connection outside of the WPI community occurred. At no time did the public at-large have access to the student information.  On November 5, 2024, WPI used a mailing vendor to mail letters to students whose information resided in the accessible data and provided details about the inadvertent access.

On November 13, 2024, the WPI Police sent an alert to the WPI community advising that the letters represent a scam. The alert was issued in error.  If you received a letter, WPI’s investigation located your information in the accessible dataset. The letter identifies the specific information found in that dataset and the resources available to you to protect your information should you feel the need to do so.  If you did not receive a letter, please disregard the alert and accept WPI’s sincere apologies for any confusion or concern this may have caused. 

Below are some common questions WPI has received about the inadvertent access and response to those questions to help alleviate any concerns:

What is WPI doing to prevent this from happening again?

WPI takes this inadvertent access event and the security of the information in its care very seriously. Upon learning that a software application share was accessible to a broader audience than intended, WPI secured the share and restricted its access. WPI is evaluating its policies and procedures for securing data in its care to ensure that they remain robust and appropriate.

Do you know who is responsible for this event?

This event occurred when a WPI student inadvertently viewed data through a software application share intended to be restricted to WPI staff access only.  No criminal activity occurred or is suspected. 

Is this a scam?

No. If WPI’s investigation located your information in the accessible dataset, WPI mailed a letter to you at your home address as required under state law. The letter is legitimate and contains available information about the inadvertent access event and the resources and services available to you. 

I have additional questions. Where can I find more information?

We recognize that you may have questions not answered through these FAQs. WPI established a third-party call center staffed with a team of individuals prepared to address questions about the inadvertent access event.  Please reach out to our dedicated assistance team at 855-278-0561 with your questions. The team is available Monday through Friday from 9am ET to 9pm ET, excluding US holidays.