Students said they believed the data would be shared only with employers they expressed interest in. But it was made available to all of the 100-plus employers who participated in the virtual fair, including CBP, said Natasha Abel, a university spokeswoman.
Students and graduates who signed up for the fair agreed to have that information shared with participating employers, Abel said. Job-seekers could opt-out of sharing data and still participate in the event.
After the event, Roman G. Jacquez, a CBP recruiter, sent an email to everyone who signed up for the fair, regardless of whether they expressed interest in working for the agency. The email, which was viewed by The Washington Post, included information about law enforcement positions but also contained the entire data set of candidates’ personal information.
Jacquez did not immediately return an email seeking comment. The Rival American, a campus publication, first reported the breach.
In a written statement, CBP said the inclusion of that data was unintentional and that the agency is investigating. The agency not say whether Jacquez has been disciplined.
After the recruiter sent the email, a CBP supervisor emailed the students affected by the breach and said the agency is taking steps to prevent similar errors.
“I would like to assure you that this is not standard practice and we take the dissemination of this information very seriously,” the supervisor wrote in an email viewed by The Post.
The university’s career center later apologized for the mistake and asked students to delete the email that contained their peers’ personal information.
“The Career Center will continue to emphasize the importance of the confidentiality and privacy of your information with employers we engage with in the future and hope this never happens again,” Gihan Fernando, executive director of the school’s career center, wrote to current and former students.
Connor Reitler, who graduated from AU this year, was one of the 1,370 people who submitted personal information upon registering for the career fair.
“I was under the impression that it would only go to corporations that I was interested in,” he said about his data. “A lot of students are feeling very betrayed.”
Reitler also shared concerns about what might be done with the data collected.
“They saw who does and doesn’t need a visa,” which could have implications for undocumented job-seekers, he said.
AU College Democrats, a campus organization for students affiliated with the Democratic Party, criticized the school for sharing students’ information.
“No student should ever be put in a place where they have to share their personal information to get a career opportunity,” according to a statement.
The campus group is also asking students to sign a petition calling on the university to sever its relationship with the federal agency, citing incidents of “abusive treatment of immigrants and people of color.”
The data breach raises privacy concerns at a time when nearly every facet of university life — classes, graduations, campus events — are taking place online.
“As American University is planning its next virtual Job and Internship Fair in the fall, we will make every effort to prevent such errors,” Abel said in an email. “We have heard from many attendees who shared their appreciation for the opportunity to connect with so many employers at a difficult time.”