Home » Campus » Professor mistakenly sends private email to entire department

Professor mistakenly sends private email to entire department

An Ohio State professor sent an email Thursday intended for the department’s undergraduate advising office regarding a student’s medical issues and struggles in class to approximately 2,000 undergraduate students within the College of Engineering, prompting a review by the university.

The mistaken email, sent by Rephael Wenger, an associate professor and the associate chair of the department of computer science and engineering, generated buzz on an online forum.

After the 2,000 students wrongly received the email, the academic advising office within the College of Engineering sent a follow-up email an hour later to the same group of students saying the original email could not be recalled and that the office would be investigating the situation.

Emails sent by authorized users, in this case Wenger, are not moderated, and therefore do not require approval before they are sent.

“I appreciate the concern that several of you have expressed,” said Nikki Strader, an academic advising coordinator for the College of Engineering, in an email responding to the situation. “It is indeed a serious matter, and we are investigating it to the fullest extent. In the meantime, please delete the previous email.”

Despite Strader’s plea, by the next morning, the online post displaying the original email had received hundreds of views and dozens of comments.

“I don’t know what [the university] is going to do. I know we take it extremely seriously. I know the university takes it extremely seriously,” Wenger said the day after his mistake. “It shouldn’t have happened. It was an honest mistake.”

An apologetic and remorseful Wenger was hesitant to delve further into the matter, but acknowledged the review now underway, saying “I know I’m in trouble.”

The university is reviewing its policies on emails from professors and is putting additional steps in place to ensure something like this does not happen again.

“Processes have been put in place to prevent this from happening in the future. The college is thoroughly reviewing the matter and will take any additional appropriate follow up actions that are identified,” university spokesman Ben Johnson said in an email. “The protocol for use of and access to listservs was reviewed and updated to require additional internal approval before messages are distributed.”

A listserv is software used by email platforms to streamline receivers of an email. When a sender chooses a listserv, the one email then goes out to all users on the corresponding list, which in this case was an entire department worth of undergraduate students.

With procedures not previously in place, a simple user error allowed for personal information of a student to be broadcasted to an entire department.


  1. HIPAA & FERPA violated at once–my heart goes out to the student who has been outed regarding their very private concerns. And the irony that it sources from Computer Science & Engineering.

    Perhaps rather than just throw up the PR phrase that appropriate safeguards have been taken, there should genuinely be a more creative approach using this terribly unfortunate incident as the impetus. Use this as a teachable moment. Was Prof Wenger to blame for this unfortunate error? Technically yes, however, what about antiquated systems that could use some additional examinations? Here we are at a top tier research university with access to the mist incredible technology including AI. Why not use this as an opportunity to modify the email software and closely examine use case scenarios to include a selector that the email includes highly sensitive information? Perhaps even check boxes that 1) FERPA 2) HIPAA and 3) confidential. Then if a broad listserv is selected, the email will NOT send without addressing challenges. Put AI processes and some conditional logic in place!

    • Change CCS Intake to Avoid Leaks

      Question: why was this an email and not a phone call for priority intake request to counseling?

      The real problem is that CCS wait times are out of control and unless University faculty directly request a student be “seen” they typically wait 3 weeks for an in-person session. That’s the real headline – and cause – for sensitive student information being constantly communicated over email.




    This message, including attachments, is confidential and may contain information protected by the attorney-client privilege or work product doctrine. If you are not the addressee, any disclosure, copying, distribution, or use of the contents of this message are prohibited. If you have received this email in error, please destroy it and notify me immediately.

    E-mails from this firm normally contain confidential and privileged material, and are for the sole use of the intended recipient. Use or distribution by an unintended recipient is prohibited, and may be a violation of law. If you believe that you received this e-mail in error, please do not read this e-mail or any attached items. Please delete the e-mail and all attachments, including any copies thereof, and inform the sender that you have deleted the e-mail, all attachments and any copies thereof. Thank you.

    This is a transmission from the [name] and may contain information which is privileged, confidential, and protected by the client or professional work product privileges. If you are not the addressee, note that any disclosure, copying, distribution, or use of the contents of this message is prohibited. If you have received this transmission in error, please destroy it and notify us immediately at our telephone number (###) ###-####.**

Leave a Reply

Your email address will not be published.