![Harvard University [f11photo/Shutterstock]](https://images.dailycaller.com/image/width=960,height=411,fit=cover,f=auto/https://cdn01.dailycaller.com/wp-content/uploads/2016/05/shutterstock_197551889-e1462554411159.jpg "Harvard University [f11photo/Shutterstock]")
Almost one-and-a-half million Harvard emails containing grades, answer keys, bank account numbers, and even one person’s Social Security number were publicly available until Monday afternoon.
Harvard administrators and more than two dozen student managers of the email lists were unaware of the visibility of their contents, as reported by The Harvard Crimson.
The membership of LGBTQ groups were also visible on the public email lists; the Harvard Computer Society emailed list admins Feb. 18, two days after receiving notification from The Harvard Crimson and temporarily closed the public index on February 20.
According to Jacob H. Rooksby, a law dean at Duquesne University, the email lists violated the Family Educational Rights and Privacy Act (FERPA), which guards student privacy.
“The one and only possible penalty is that the Department of Education might remove federal funding,” said Rooksby. “But that’s not going to happen—it has never happened in the history of FERPA.”
Users’ email lists were set as public by default and, out of more than 8,000 total HCS lists, more than 5,500 were publicly accessible.
“We assumed that, in the majority of cases, people had configured their lists correctly,” said Jason T. Goodman, HCS co-president. “We occasionally received requests to make lists private from alumni that had inadvertently created public—made information public, but I would say infrequently. We didn’t think it was likely to be a common issue.”
Harvard’s Chief Technology Officer James H. Waldo advises HCS and said that the default should have been “private.”
Waldo disagreed with Duquesne Dean Rooksby’s assessment of FERPA violations.
“FERPA is really for systematic violations that are intentional of the right to privacy of the students. As far as I can tell, it does not outlaw being careless or stupid,” said the Chief Technology Officer.
Follow Rob Shimshock on Twitter
Send tips to rob@dailycallernewsfoundation.org.
Content created by The Daily Caller News Foundation is available without charge to any eligible news publisher that can provide a large audience. For licensing opportunities of our original content, please contact licensing@dailycallernewsfoundation.org.