{"id":183164,"date":"2026-01-30T21:02:00","date_gmt":"2026-01-31T02:02:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/01\/30\/hec-gate-event-prompts-larger-questions-about-ua-emails-cybersecurity-the-crimson-white\/"},"modified":"2026-01-31T00:25:08","modified_gmt":"2026-01-31T05:25:08","slug":"hec-gate-event-prompts-larger-questions-about-ua-emails-cybersecurity-the-crimson-white","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/01\/30\/hec-gate-event-prompts-larger-questions-about-ua-emails-cybersecurity-the-crimson-white\/","title":{"rendered":"\u2018Hec-gate\u2019 event prompts larger questions about UA emails, cybersecurity \u2013 The Crimson White"},"content":{"rendered":"<p><a href=\"https:\/\/thecrimsonwhite.com\/126341\/news\/hec-gate-event-prompts-larger-questions-about-ua-emails-cybersecurity\/\">\u2018Hec-gate\u2019 event prompts larger questions about UA emails, cybersecurity \u2013 The Crimson White<\/a><\/p>\n<p><a href=\"https:\/\/thecrimsonwhite.com\/126341\/news\/hec-gate-event-prompts-larger-questions-about-ua-emails-cybersecurity\/\">https:\/\/thecrimsonwhite.com\/126341\/news\/hec-gate-event-prompts-larger-questions-about-ua-emails-cybersecurity\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-01-30 21:02:00<\/a><\/p>\n<p>Source Domain: <a href=\"thecrimsonwhite.com\">thecrimsonwhite.com<\/a><\/p>\n<p>Author: <a href=\"\"><\/a><\/p>\n<p> Using an unordered list, summarize the following article with between 4 and 8 key points. <\/p>\n<p>                Following UA student Hector Gutierrez becoming a campus-wide, and nation-wide, celebrity after accidentally sending a recommendation letter to a campus Listserv on Wednesday evening, other questions arose about how he was able to send the email to over 24,000 students to begin with.<br \/>\nTeneshia Arnold, director of the Office of Student Involvement, which operates the Honor Society Eligibility Listserv, said that the Listserv Gutierrez sent his email through had the \u201cappropriate permissions\u201d set up and goes to \u201ca little bit over 24,000\u201d students.<br \/>\n\u201cHector must have had the magical touch,\u201d she said. \u201cI saw in his response that he copied and pasted this email address into his email, and that perhaps is what got it through.\u201d<br \/>\nBarret Elder, director of customer relations for the Office of Information Technology, said the office did have to change the style of the Listserv.<br \/>\n\u201cThere are many options for how to configure a Listserv when it is set up,\u201d he said. \u201cThis one was set to a \u2018discussion forum\u2019 type list, which allows replies to the entire list. Once we became aware of the situation, we changed it to an \u2018information broadcast\u2019 list which only allows the list creators and specified individuals to mail the entire list.\u201d<br \/>\nThe Listserv eventually reached its daily limit of 50 messages and stopped receiving replies. However, students had already leaked their phone numbers and Campus Wide IDs to the thousands of students, which could pose larger security threats.<br \/>\nMatthew Hudnall, an associate professor of management information systems at the University, did his Ph.D. dissertation about secure emailing. He compared the leaking of CWIDs to social security numbers because there are \u201csecurity concerns\u201d when putting it in places such as email signatures.<br \/>\n\u201cI do think identifiers like CWIDs need to be protected whenever possible, because you can get access to a decent amount of things via the student\u2019s last name and CWID, or date of birth and CWID,\u201d he said. \u201cI don\u2019t know anybody who puts their own social security number in their email signature, right?\u201d<\/p>\n<p>Arnold said that there are \u201congoing conversations\u201d between the Office of Student Involvement and the Office of Information Technology to determine if anyone who listed their phone number or CWID in their email signature in a reply on Wednesday night was impacted.<br \/>\nWhile phone numbers are common in email signatures, Elder said adding personal information such as a CWID is \u201cnot recommended,\u201d and if a student provides that information \u201cwillingly\u201d then it does not constitute a data breach.<br \/>\nWhile this email was an accident by an actual University student, others raised concerns about the possibility of the emails being part of a phishing attack or hack.<br \/>\n\u201cJust like you can spoof a spam phone call, you can spoof an email address and make it look like it came from somebody,\u201d Hudnall said. \u201cAnd if the content of the email looks legitimate, it opens it up for various phishing attacks if they open the attachment or they click on a link in an email.\u201d<br \/>\nThe email from Gutierrez included a PDF containing a letter of recommendation an instructor wrote for him. Hudnall said there are currently no known vulnerabilities for PDF attachments, but there is always the possibility of a \u201czero day attack,\u201d in which someone figures out how to hack something no one else has yet.<br \/>\n\u201cThe general rule of thumb is you don\u2019t open attachments unless you\u2019re expecting it and know who it came from,\u201d Hudnall said.<br \/>\nThe Office of Information Technology\u2019s website has a page with email safety tips for students and staff, including guidance on: not to list personal information in your signature, use encryption when needed, think before hitting \u201creply all\u201d and watch out for phishing.<br \/>\n\u201cPersonal security is always a point of emphasis for the OIT cybersecurity team, as it takes all of us to keep our campus safe,\u201d Elder said. \u201cIt is important to avoid revealing personal information that can be used against you.\u201d<\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u2018Hec-gate\u2019 event prompts larger questions about UA emails, cybersecurity \u2013 The Crimson White https:\/\/thecrimsonwhite.com\/126341\/news\/hec-gate-event-prompts-larger-questions-about-ua-emails-cybersecurity\/ Publish&#8230;<\/p>\n","protected":false},"author":1,"featured_media":183165,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/thecrimsonwhite.com\/wp-content\/uploads\/2026\/01\/UG2UrfOZEtuVMCgMM7WegJOfnMhFXhNsqTIFSLd7.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[30,24,25],"class_list":["post-183164","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-breach","tag-cybersecurity","tag-phishing"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/183164"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=183164"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/183164\/revisions"}],"predecessor-version":[{"id":183166,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/183164\/revisions\/183166"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/183165"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=183164"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=183164"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=183164"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}