My SSN was exposed in a breach at Columbia—a school I have no connection with

I asked the College Board if this theory could be true. A spokesperson disputed that any student’s SSN would have been shared with Columbia via an opt-in program called “Student Search.” Prior to 2018, when SSNs stopped being shared entirely, the College Board confirmed that the “only circumstance” in which it would have shared my SSN was if I had requested that my SAT scores be sent to Columbia, something I never did. My frustration grew over four months of dead ends, until I had finally emailed Columbia enough times that it agreed to tell me what was really going on. Columbia failed to delete SSN database Columbia had already faced criticism for taking about a week to notify victims of the breach, since each day without notice increases the risk of identity theft. But for victims with no connection to the school, notification took even longer because, as the university explained, it required more time to track down their contact information. I’m not sure when Columbia first attempted to contact me. The February letter mailed to my dad’s address—where I had not lived since graduating high school—claimed that Columbia had “previously disclosed” the breach to me, though it was my first notification. On Reddit, some users reported that they, too, had gotten notification letters mailed to their parents’ addresses. Others said Columbia managed to find their current addresses. …