A U.S. Customs and Border Protection recruiter released personal information for more than 1,300 current and former American University students who participated in an online career fair last week, angering students and raising concerns about the risks posed by virtual events.
The novel coronavirus forced the university's annual spring job fair online, where candidates and recruiters spoke via video chat and instant message. Before the event, the university asked participants to register and provide personal information, including university ID numbers, home addresses, phone numbers and whether they needed visa sponsorship to work in the United States.
Students said they believed the data would be shared only with employers they expressed interest in. But it was sent to all of the 100-plus employers who participated in the virtual fair, including CBP, said Natasha Abel, a university spokeswoman. Students and graduates who signed up for the fair agreed to have that information shared with participating employers, Abel said.
After the event, Roman Jacquez, a recruiter from Customs and Border Protection, sent an email to everyone who signed up for the fair, regardless of whether they expressed interest in working for the agency. The email, which was viewed by The Washington Post, included information about law enforcement positions but also contained the entire data set of candidates' personal information.
Jacquez did not immediately return an email seeking comment. The Rival American, a campus publication, first reported the breach.
In a written statement, CBP said the inclusion of that data was unintentional and that the agency is investigating. The agency not say whether Jacquez has been disciplined.
After the recruiter sent the email, a Customs and Border Protection supervisor emailed the students affected by the breach and said the agency is taking steps to prevent similar errors.
"I would like to assure you that this is not standard practice and we take the dissemination of this information very seriously," the supervisor wrote in an email viewed by The Post.
The university's career center later apologized for the mistake and asked students to delete the email that contained their peers' personal information.
"The Career Center will continue to emphasize the importance of the confidentiality and privacy of your information with employers we engage with in the future and hope this never happens again," Gihan Fernando, executive director of the school's career center, wrote to current and former students.
Connor Reitler, who graduated from AU this year, was one of the 1,370 people who submitted personal information upon registering for the career fair.
"I was under the impression that it would only go to corporations that I was interested in," he said about his data. "A lot of students are feeling very betrayed."
Reitler also shared concerns about what might be done with the data collected.
"They saw who does and doesn't need a visa," which could have implications for undocumented job-seekers, he said.
AU College Democrats, a campus organization for students affiliated with the Democratic Party, criticized the school for sharing students' information.
"No student should ever be put in a place where they have to share their personal information to get a career opportunity," according to a statement.
The campus group is also asking students to sign a petition calling on the university to sever its relationship with the federal agency, citing incidents of "abusive treatment of immigrants and people of color."
The data breach raises privacy concerns at a time when nearly every facet of university life - classes, graduations, campus events - are taking place online.
"As American University is planning its next virtual Job and Internship Fair in the fall, we will make every effort to prevent such errors," Abel said in an email. "We have heard from many attendees who shared their appreciation for the opportunity to connect with so many employers at a difficult time."