US News rates UT as the 18th best graduate business program in the country. This is down from the school’s heyday in the 90’s (before Red McCombs sullied it with his “car money”) and well below the current rankings of the football and basketball programs. Given recent developments, 18th place may well be the high water mark for awhile.

William Powers Jr., the President of UT, stepped into the harsh light of unwanted publicity Sunday afternoon to reveal that the McCombs School of Business allowed unauthorized access to 197,000 electronic records from the school’s database of students, alumni, and anyone else with the misfortune of leaving their digital scent wafting through the GSB.

The intrusion, which is alleged to have come from the shadowy nether-regions of the “Far East” (how exotic!), took place over a two week period in April. UT had hoped to keep the messy affair quiet, but it quickly became apparent that the scope exceeded a private solution; the Finance department at McCombs determined through cost / benefit analysis that the school could only placate up to 32,000 victims with Vince Young jerseys, and thus opted for broad public humiliation instead.

This theft is hardly a ringing endorsement for a school that prides itself on its Information Management program specializing in e-commerce and IT management (but apparently without much emphasis on data security or customer privacy). And the school’s response thus far has all the tech savvy of a glee club bake sale. President Powers went public on Sunday by saying “you can’t communicate personally to 197,000 people,” which seems odd given that these people just had their personalized electronic information lifted. I would think that if penis pill spammers can figure out how to send personalized communications without an entire digital dossier, the McComb’s IM wizards might be able to cobble something together.

Universities need alumni support to thrive, and not just for paying off student-athletes and propping up the burnt orange dye industry. If you want new buildings and endowments, it’s probably best to avoid letting the donors get ID-jacked. And if it does happen, try to do a little better than setting up an obligatory website that consists of a press release (“we screwed up”) and resources for contacting credit agencies (“now you deal with it”). Didn’t anyone think to consult with the Marketing department on this?