According to the college, a support staff member mistakenly emailed a database of 35,212 students to an incorrect external email address.
The employee tried to send the data through the protected RCCD system, but the file was too large. The employee then used a personal email account to send the file to the researcher's personal email address, but mistyped the correct address and sent the data.
In a statement, the district emphasized that there was no outside intrusion into the system; human error was at fault.
"We also want to assure our students and the community that RCCD is committed to protecting student information. We are working hard make sure something like this doesn't happen again," the statement said.
The data included sensitive student information and academic records, including Social Security numbers.
RCCD said there was no indication the email address that was mistakenly sent to was an active account. The investigation was ongoing.
Affected students were contacted to alert them of the situation. State and federal authorities were also notified as required by law, RCCD said.
According to the school district:
- RCCD has established a Call Assistance Center to help students. It is open from 7 a.m. until 7 p.m., Monday through Fridays. It will be active for 90 days.
- RCCD has made free credit protection services for one year available to help prevent the data from being used by unauthorized parties.
- Servers on which sensitive data for research purposes resides have been locked down, with access limited to two RCCD Institutional Effectiveness deans.
- RCCD also is looking at ways to increase and improve employee training in these areas. This is particularly important given the rapid changes in data security threats and protection nationally, as well as the continuing need by various college and district departments to access student information.